Understanding exactly where your business resources and data sit within the cloud is an important part of your governance, control and geo-compliance requirements. It can also help reduce latency if the chosen regions are the closest ones to your end users.
This guide shows you how to implement an Azure region policy that allows your resources to be deployed only in UK locations.
Within Resource Groups, select the resource group where you want to apply the control.
Select Policies > Assignments and then Assign Policy.
Ensure the correct scope is selected, then create a logical name.
Under the policy definition, search for allowed locations.
Once this is added, you will need to select the locations of your choice; for this example I have selected UK South and UK West.
To test that this policy is applying correctly, try to create a virtual machine in a region that was not selected earlier.
Once the incorrect region has been specified, an error message will be shown stating that the subscription doesn't support the virtual machine creation in the selected region.
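The same assignment can be scripted with the Azure CLI instead of the portal. This is an added example, not part of the original guide: the resource group name rg-uk-workloads and the assignment name allowed-locations-uk are assumed, and the built-in definition is looked up by its display name, "Allowed locations".

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal steps.
# The resource group and assignment names at the bottom are assumed values.

# Build the parameter JSON for the built-in "Allowed locations" policy,
# whose single parameter is listOfAllowedLocations (an array of region names).
build_params() {
  local out="" loc
  [ "$#" -gt 0 ] || { echo "no locations given" >&2; return 1; }
  for loc in "$@"; do
    # Region names are written as letters and digits with no spaces
    # (uksouth, ukwest); reject anything else so a display name such as
    # "UK South" cannot end up in the assignment.
    case "$loc" in
      ""|*[!a-z0-9]*) echo "invalid region name: $loc" >&2; return 1 ;;
    esac
    out="${out:+$out,}\"$loc\""
  done
  printf '{"listOfAllowedLocations":{"value":[%s]}}' "$out"
}

# Assign the policy at resource-group scope: <resource group> <name> <regions...>
assign_allowed_locations() {
  local rg="$1" name="$2"; shift 2
  local params scope def
  params="$(build_params "$@")" || return 1
  scope="$(az group show --name "$rg" --query id -o tsv)" || return 1
  def="$(az policy definition list \
      --query "[?displayName=='Allowed locations'].name | [0]" -o tsv)" || return 1
  [ -n "$def" ] || { echo "built-in definition not found" >&2; return 1; }
  az policy assignment create --name "$name" \
      --display-name "Allowed locations: UK only" \
      --scope "$scope" --policy "$def" --params "$params"
}

# Only touch Azure when run with "apply", so sourcing the file has no side effects.
if [ "${1:-}" = "apply" ]; then
  RG="rg-uk-workloads"; ASSIGNMENT="allowed-locations-uk"
  assign_allowed_locations "$RG" "$ASSIGNMENT" uksouth ukwest
fi
```

Run it with the argument apply after az login; the assignment then appears under Policies > Assignments for the resource group.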
To ensure that certain administrators cannot bypass this control by creating another resource group or turning off this policy definition, tiered administrator roles would have to be correctly set up and tested with IAM policies at the appropriate level.