Nerdio Resource rules and Azure policies

I would love to see a feature where we can import Azure policies for SKUs on a subscription into Nerdio so we don't have to manage things in 2 places. This could also tie into capacity extender so that only the allowed SKUs are deployed and we don't see failed deployments or scaling.

1

Comments (3 comments)

0
Dave Stephenson

Welcome to the community, Christophe Fettouhi 🙂!

I like what you're proposing.
Having a centralized way to manage/deploy Azure Policies, similar to how we're doing it with Intune policies, could be pretty powerful.

Out of curiosity, are you currently using Azure Policy with your customers or are you looking to move to that in the near future?

0
Christophe Fettouhi

I helped a customer move their AVD setup from West Europe to another region. The reason for this was of course the region is overcommitted and they were running into way too many issues with SKUs not being available.

On top of that project they were redesigning their landing zones and implementing Azure policies with SKU limitation. The reason for this is people were just overspending, not just with AVD but everything, and the finance department wanted to stop people from deploying things with a SKU that was just too expensive.

The client is very large with a global footprint and a big IT and dev department. So when moving things into the new landing zone there were a lot of findings, but the biggest hurdle was the SKUs, and the policies were changing daily/weekly, which caused issues with finding out what we were allowed to deploy, and that caused errors in the deployment because Nerdio could not see the updates.

Everything got solved and we got the setup reimplemented into their new landing zones, but I foresee this being an issue in the future because clients don't want to let people deploy everything they can and policies are the only way to limit that. We can edit and create in Nerdio resource rules, but why have to maintain them on top of also maintaining the Azure policies?

A sync somehow should be possible. It could be that Nerdio could implement a full policy control, but this client uses IaaS for their landing zone deployment and SKU updates so I don't think their Azure department wants to use a GUI. The AVD/virtual workspace department just needs to know when the SKUs change, and that can be a problem getting that information across regions/timezones and if people leave over time.

0
Dave Stephenson

Thanks, Christophe. I always appreciate the extra insight our partners provide.

What you're describing sounds like a typical use-case for larger customers.
Smaller customers (1-25) aren't likely to use it, but I'm hoping more and more partners start adopting the Cloud Adoption Framework/Azure Landing Zones in their designs. 

You could potentially work around that by restricting access to the Azure Portal and making all creation happen through the Nerdio Manager portal.
It's not ideal because we don't have 100% Azure functionality, but it could be a bandaid, for now.
