Loading...

Public Preview Announcement: Azure Policy Built-in Versioning

Public Preview Announcement: Azure Policy Built-in Versioning

Welcome to a new era of policy management, where policy definitions are more agile, adaptable, and accessible than ever before! We are thrilled to introduce version management support for controlled built-in definition and initiative updates through Azure Policy. In a push to empower and simplify policy management, built-in definitions and initiatives will have the ability to store & reference multiple versions within a single definition ID. This new development will enhance your ability to govern, enforce and evolve your cloud governance policies. Keep reading for more information and be sure to check out our video walk-through of versioning to get started and learn more. 

 

What's new? Now, built-in definitions and initiatives can reference multiple versions within a single definition ID! This will help with:

 

  • Regulated updates: All built-in definitions will be reviewed and evaluated to stay aligned with versioning guidelines standards.
  • Change Management: Version will provide visibility into the evolution of built-in definitions and initiatives over each iteration.
  • Controlled application and enforcement: Users can specify what version of the definition or initiative to be assessed against at assignment time. 
  • Gradual Rollout: Versioning in collaboration with assignment resource selectors and overrides can be used to introduce new versions of definitions gradually into the environment.
  • Testing and quality assurance: Different versions of definitions may undergo different stages of roll out and application.  
  • Versioning awareness: Applicable version number will be shown in compliance logs on a per resource basis.

 

Ready to dive in? Keep reading to discover how you can get started with Policy versioning and make the most of these new capabilities!

 

Getting started 

All built-in definitions and initiatives have been updated to be on the latest current version. This can be seen in the portal, or through making a direct API call to the built-in definition. Through either client, you will see a new top-level version property (that follows semantic versioning format: #.#.#)

 

Now if that built-in definition were to introduce a new version, you would see the same definition ID but a new top level version number. With a slight change to the API call, you can retrieve other versions. See Policy Definition Versions - REST API (Azure Policy) | Microsoft Learn. If no version is specified, the latest version will be returned.

 

jodiboone_0-1720480236150.png

 

Portal:

When assigning a definition or initiative, users can select from either the current or previous versions while maintaining awareness of the version in your environment.

 

jodiboone_1-1720480236155.png

 

 

API Response:

The current version of the definition can also be seen through querying the definition ID, by default the latest version will be returned.

jodiboone_2-1720480236157.png

 

Important items to note: 

 

1. Assignment version reference 

All current assignments of built-in definitions and initiatives have been backfilled to reference the latest version of the definition and allow for updates on minor definition versions. Any assignment would ingest all minor changes as before but will not auto-ingest major or breaking changes.  If you do not want to ingest minor changes, you can update the existing assignment to pin to a minor version.

 

2. Understand patch change pattern.  

Assignments will not be able to pin to the patch version of definitions. Patch is reserved for non-impacting text changes and critical hotfixes. Patch changes require ingestions reserved for rare and special cases. Since a text change or definition category can occur without warning, please ensure any additional functionality relies on the definition ID and not the definition name as the name is dynamic, but ID is static.

 

3. Understand major vs minor updates.

Following semantic versioning, major updates occur when there is a breaking change to the definition. This could include introducing a new deny policy to a built-in initiative. A minor update does not include breaking changes but can include rule logic changes that enhance the scope of the definition’s applicability or changes to parameters. 

 

Stay tuned for more updates on Azure Policy features and releases here, and on X at @AzureGovernance.

 

Link to video overview of Policy versioning: https://youtu.be/eejdoDgofZ8

 

Published on:

Learn more
Azure Governance and Management Blog articles
Azure Governance and Management Blog articles

Azure Governance and Management Blog articles

Share post:

Related posts

Cognitive services and Azure ML for Dataflows will be fully retired by September 15th, 2025

This blog is outlining the depreciation announcement for Azure ML and Cognitive services using dataflows.

1 day ago

Azure Developer CLI: From Dev to Prod with One Click

This post walks through how to implement a “build once, deploy everywhere” pattern using Azure Developer CLI (azd) that provisions...

1 day ago

AI Builder – Invoice processing and Invoices document type to begin using Azure

Starting on July 21, 2025, the prebuilt model invoice processing and invoices document type (built on Azure Document Intelligence 4.0) will be...

1 day ago

Dataverse: Learn How to Implement Azure Durable Functions – Payment Scenario

Azure Durable Functions is an extension of Azure Functions that offers specialized capabilities, including statefulness, orchestration, handli...

2 days ago

Build reliable Go applications: Configuring Azure Cosmos DB Go SDK for real-world scenarios

When building applications that interact with databases, developers frequently encounter scenarios where default SDK configurations don’...

5 days ago

Webinar: Smart Document Management in SharePoint with Copilot Agents & Azure AI

Managing a flood of incoming documents, whether for loan applications, onboarding, or compliance, can quickly become chaotic. Manually sorting...

6 days ago

Building Event-Driven Go applications with Azure Cosmos DB and Azure Functions

The Go programming language is a great fit for building serverless applications. Go applications can be easily compiled to a single, staticall...

11 days ago

July Patches for Azure DevOps Server

Today we are releasing patches that impact the latest version of our self-hosted product, Azure DevOps Server. We strongly encourage and recom...

13 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy