You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: Describes the rules Azure Policy uses to determine whether the policy is applied to its assigned resources.
4
-
ms.date: 05/20/2022
4
+
ms.date: 05/23/2022
5
5
ms.topic: conceptual
6
6
ms.author: timwarner
7
7
author: timwarner-msft
8
8
---
9
9
# Azure Policy applicability logic
10
10
11
11
Azure Policy effects are applied based on the evaluation result of the
12
-
****If**** condition(s) defined in the definition JavaScript Object Notation (JSON)
12
+
**If** condition(s) defined in the definition JavaScript Object Notation (JSON)
13
13
file.
14
14
15
-
## Applicability logic for Append/Mod**If**y/Audit/Deny/DataPlane effects
15
+
## Applicability logic for Append/Modify/Audit/Deny/DataPlane effects
16
16
17
-
Azure Policy evaluates only typeand name conditions in the **If** and treats other conditions as true (false when negated). **If** the final evaluation result is true, the policy is applicable. Otherwise, it's not applicable.
17
+
Azure Policy evaluates only type, name, and kind conditions in the **If** expression and treats other conditions as true (false when negated). **If** the final evaluation result is true, the policy is applicable. Otherwise, it's not applicable.
18
18
19
19
Following are special cases to the previously described applicability logic:
20
20
21
-
- Any invalid aliases in the ****If**** conditions
21
+
- Any invalid aliases in the **If** conditions
22
22
- The policy is not applicable
23
-
- When the **If** conditions consist of only type conditions
23
+
- When the **If** conditions consist of only kind conditions
24
24
- The policy is applicable to all resources.
25
25
- When the **If** conditions consist of only name conditions
26
26
- The policy is applicable to all resources.
27
-
- When the **If** conditions consist of only type and name conditions
28
-
- It depends on which field the first condition in the **If** refers to. It applies the applicability logic with conditions with that field only. E.g. when **type** field appears in the first condition of the **If**, only type conditions are considered when deciding applicability. When **name** field appears in the first condition of the **If**, only name conditions are considered when deciding applicability.
29
-
- When any conditions (including deployment parameters) include a location condition
27
+
- When the **If** conditions consist of only type and kind conditions
28
+
- It depends on which field the first condition in the **If** refers to. It applies the applicability logic with conditions with that field only. For example, when a **type** field appears in the first condition of the **If**, only type conditions are considered when deciding applicability. When a **name** field appears in the first condition of the **If**, only type conditions are considered when deciding applicability.
29
+
- When any conditions (including deployment parameters) include a **location** condition
30
30
- Will not be applicable to subscriptions
31
31
32
32
## Applicability logic for AuditIfNotExists and DeployIfNotExists policy effects
@@ -37,4 +37,4 @@ The applicability is based on the **If** conditions. When the **If** evaluates t
37
37
38
38
- Learn how to [Get compliance data of Azure resources](../how-to/get-compliance-data.md).
39
39
- Learn how to [remediate non-compliant resources](../how-to/remediate-resources.md).
40
-
- Review the [update in policy compliance for resource type policies](https://azure.microsoft.com/en-us/updates/general-availability-update-in-policy-compliance-for-resource-type-policies/).
40
+
- Review the [update in policy compliance for resource type policies](https://azure.microsoft.com/updates/general-availability-update-in-policy-compliance-for-resource-type-policies/).
0 commit comments