Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules across your resource configurations so that those configurations stay compliant with corporate standards. Can define both individual policies and groups of related policies known as **initiatives**. Azure policies can be applied at varying levels such as on specific resources, resource groups, subscriptions, and more. These policies are also **inherited** meaning that if a policy is applied at a high level, it will automatically be applied to the groupings within the parent/ will be nested under the parent. **Example:** Applying a policy to a resource group will automatically apply to all resources created within that group. Azure Policy comes with built-in policy and initiative definitions for Storage, Networking, Compute, Security Center, and Monitoring. In some cases Azure Policy can automatically remediate non-compliant resources and configs. **Example:** If all resources within a specific resource group must be tagged with an AppName tag and a value of "EXAMPLE_VALUE", Azure Policy will automatically apply that tag if it is missing. You can also flag resources that should be treated as an exception so that the policy will not automatically fix it. **Azure Policy Initiative:** A method of grouping related policies together. The initiative definition contains all of the policy definitions to help track compliance state for a larger goal. **Example Initiative:** Enable Monitoring in Azure Security Center contains the following policy definitions: - **Monitor unencrypted SQL Database in Security Center** This policy monitors for unencrypted SQL databases and servers. - **Monitor OS vulnerabilities in Security Center** This policy monitors servers that don't satisfy the configured OS vulnerability baseline. - **Monitor missing Endpoint Protection in Security Center** This policy monitors for servers that don't have an installed endpoint protection agent.