What’s new with Azure Policy for Lab Services?
Azure Lab Services has added 4 built-in Azure policies. Azure Policy help IT administrators to manage and prevent issues automatically. Policy definitions enforce rules and effects for your resource. This blogpost summarizes the new policies available in the August 2022 Update for Azure Lab Services.
- Lab Services should enable all options for auto shutdown
- Lab Services should not allow template virtual machines for labs
- Lab Services should require non-admin user for labs
- Lab Services should restrict allowed virtual machine SKU sizes
For a full list of built-in policies, including policies for Lab Services, see Azure Policy built-in policy definitions.
Lab Services should enable all options for auto shutdown
This policy is used to enforce that all shutdown options are enabled while creating the lab. During policy assignment, lab administrators can choose the following effects.
| Effect | Behavior |
| Audit | Labs will show on the compliance dashboard as non-compliant when all shutdown options are not enabled for a lab. |
| Deny | Lab creation will fail if all shutdown options are not enabled. |
Lab Services should not allow template virtual machines for labs
This policy can be used to restrict customization of lab templates. While creating a new lab, there is an option either to “create a template virtual machine” or “Use virtual machine image without customization”. If this policy is enabled, only the “Use virtual machine image without customization” is allowed . During policy assignment, lab administrators can choose the following effects.
| Effect | Behavior |
| Audit | Labs will show on the compliance dashboard as non-compliant when a template virtual machine is used for a lab. |
| Deny | Lab creation to fail if “create a template virtual machine” option is used for a lab. |
Lab Services require non-admin user for labs
This policy is used to enforce using non-admin accounts while creating a lab. With the August 2022 Update, you can choose to add a non-admin account to the VM image. This new feature allows you to keep separate credentials for VM admin and non-admin users. For more information to create a lab with a non-admin user, see Tutorial: Create and publish a lab, which shows how to give a student non-administrator account rather than default administrator account on the “Virtual machine credentials” page of the new lab wizard.
During the policy assignment the lab administrator can choose the following effects.
| Effect | Behavior |
| Audit | Labs show on the compliance dashboard as non-compliant when non-admin accounts is not used while creating the lab. |
| Deny | Lab creation will fail if “Give lab users a non-admin account on their virtual machines” is not checked while creating a lab. |
Lab Services should restrict allowed virtual machine SKU sizes
This policy is used to enforce which SKUs are allowed to be used while creating the lab. For example, a lab administrator might want to prevent educators from creating labs with GPU SKUs since they are not needed for any classes being taught. This policy would allow lab administrators to enforce which SKUs are allowed to be used while creating the lab. During the policy assignment the Lab Administrator can choose the following effects.
| Effect | Behavior |
| Audit | Labs shows on the compliance dashboard as non-compliant when a non-allowed SKU is used while creating the lab. |
| Deny | Lab creation will fail if SKU chosen while creating a lab is not allowed as per the policy assignment. |
In tomorrow’s blogpost we’ll see how to use the “Lab Services should restrict allowed virtual machine SKU sizes” azure policy.
Thanks,
Lab Services Team
References:
Published on:
Learn moreRelated posts
Semantic Reranking with Azure SQL, SQL Server 2025 and Cohere Rerank models
Supporting re‑ranking has been one of the most common requests lately. While not always essential, it can be a valuable addition to a solution...
How Azure Cosmos DB Powers ARM’s Federated Future: Scaling for the Next Billion Requests
The Cloud at Hyperscale: ARM’s Mission and Growth Azure Resource Manager (ARM) is the backbone of Azure’s resource provisioning and management...
Automating Business PDFs Using Azure Document Intelligence and Power Automate
In today’s data-driven enterprises, critical business information often arrives in the form of PDFs—bank statements, invoices, policy document...
Azure Developer CLI (azd) Dec 2025 – Extensions Enhancements, Foundry Rebranding, and Azure Pipelines Improvements
This post announces the December release of the Azure Developer CLI (`azd`). The post Azure Developer CLI (azd) Dec 2025 – Extensions En...
Unlock the power of distributed graph databases with JanusGraph and Azure Apache Cassandra
Connecting the Dots: How Graph Databases Drive Innovation In today’s data-rich world, organizations face challenges that go beyond simple tabl...
Azure Boards integration with GitHub Copilot
A few months ago we introduced the Azure Boards integration with GitHub Copilot in private preview. The goal was simple: allow teams to take a...
Microsoft Dataverse – Monitor batch workloads with Azure Monitor Application Insights
We are announcing the ability to monitor batch workload telemetry in Azure Monitor Application Insights for finance and operations apps in Mic...
Copilot Studio: Connect An Azure SQL Database As Knowledge
Copilot Studio can connect to an Azure SQL database and use its structured data as ... The post Copilot Studio: Connect An Azure SQL Database ...
Retirement of Global Personal Access Tokens in Azure DevOps
In the new year, we’ll be retiring the Global Personal Access Token (PAT) type in Azure DevOps. Global PATs allow users to authenticate across...