From 7ac244156314f5f8f47c30f4580e8e78f74b41d5 Mon Sep 17 00:00:00 2001 From: kah279 Date: Wed, 4 Mar 2026 17:24:00 -0800 Subject: [PATCH 1/3] initial impl --- .../README.md | 35 +++++++++ .../azurepolicy.json | 78 +++++++++++++++++++ .../azurepolicy.parameters.json | 16 ++++ .../azurepolicy.rules.json | 49 ++++++++++++ 4 files changed, 178 insertions(+) create mode 100644 policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md create mode 100644 policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.json create mode 100644 policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json create mode 100644 policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md new file mode 100644 index 00000000..50f7b909 --- /dev/null +++ b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md @@ -0,0 +1,35 @@ +# Configure Smart tier for ZRS storage accounts + +This policy ensures that all Standard Zone-Redundant Storage (ZRS) accounts use the Smart access tier. The Smart tier automatically optimizes storage costs by intelligently moving data between access tiers based on access patterns. It targets storage accounts with `Standard_ZRS`, `Standard_GZRS`, and `Standard_RAGZRS` SKUs of kind `StorageV2` or `BlobStorage`. + +The policy supports the following effects: + +- **Modify** (default) – Automatically sets the access tier to Smart on non-compliant ZRS storage accounts. +- **Deny** – Prevents creation or update of ZRS storage accounts that do not use the Smart tier. +- **Audit** – Logs non-compliant ZRS storage accounts without making changes. +- **Disabled** – Turns off the policy evaluation entirely. + +> **Note:** The Modify effect requires requests to use API version `2025-08-01` or later, which supports the Smart access tier. The policy only evaluates requests made with a compatible API version. + +## Try on Portal + +[![Deploy to Azure](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#blade/Microsoft_Azure_Policy/CreatePolicyDefinitionBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FCommunity-Policy%2Fmaster%2FpolicyDefinitions%2FStorage%2Fconfigure-smart-tier-for-zrs-storage-accounts%2Fazurepolicy.json) + +## Try with PowerShell + +````powershell +$definition = New-AzPolicyDefinition -Name "configure-smart-tier-for-zrs-storage-accounts" -DisplayName "Configure Smart tier for ZRS storage accounts" -description "This policy ensures that all Standard ZRS storage accounts use the Smart access tier." -Policy 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json' -Mode All +$definition +$assignment = New-AzPolicyAssignment -Name -Scope -PolicyDefinition $definition +$assignment +```` + +## Try with CLI + +````cli + +az policy definition create --name 'configure-smart-tier-for-zrs-storage-accounts' --display-name 'Configure Smart tier for ZRS storage accounts' --description 'This policy ensures that all Standard ZRS storage accounts use the Smart access tier.' --rules 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json' --mode All + +az policy assignment create --name --scope --policy "configure-smart-tier-for-zrs-storage-accounts" + +```` diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.json b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.json new file mode 100644 index 00000000..5595f2d3 --- /dev/null +++ b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.json @@ -0,0 +1,78 @@ +{ + "name": "a3c7bb4e-8e62-4f1d-9c3a-bf5d42e6f9d1", + "type": "Microsoft.Authorization/policyDefinitions", + "properties": { + "displayName": "Configure Smart tier for ZRS storage accounts", + "description": "This policy ensures that all Standard ZRS storage accounts use the Smart access tier. The Smart tier automatically optimizes storage costs by moving data between access tiers based on access patterns. This policy targets Standard_ZRS, Standard_GZRS, and Standard_RAGZRS SKUs. Requests to modify must use API version 2025-08-01 or later.", + "metadata": { + "version": "1.0.0", + "category": "Storage" + }, + "mode": "All", + "parameters": { + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Modify, Deny, Audit or Disabled the execution of the Policy" + }, + "allowedValues": [ + "Modify", + "Deny", + "Audit", + "Disabled" + ], + "defaultValue": "Modify" + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "field": "kind", + "in": [ + "StorageV2", + "BlobStorage" + ] + }, + { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": [ + "Standard_ZRS", + "Standard_GZRS", + "Standard_RAGZRS" + ] + }, + { + "value": "[requestContext().apiVersion]", + "greaterOrEquals": "2025-08-01" + }, + { + "field": "Microsoft.Storage/storageAccounts/accessTier", + "notEquals": "Smart" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "conflictEffect": "audit", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab" + ], + "operations": [ + { + "operation": "addOrReplace", + "field": "Microsoft.Storage/storageAccounts/accessTier", + "value": "Smart" + } + ] + } + } + } + } +} diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json new file mode 100644 index 00000000..50b11e1c --- /dev/null +++ b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json @@ -0,0 +1,16 @@ +{ + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Modify, Deny, Audit or Disabled the execution of the Policy" + }, + "allowedValues": [ + "Modify", + "Deny", + "Audit", + "Disabled" + ], + "defaultValue": "Modify" + } +} diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json new file mode 100644 index 00000000..4655300f --- /dev/null +++ b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json @@ -0,0 +1,49 @@ +{ + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "field": "kind", + "in": [ + "StorageV2", + "BlobStorage" + ] + }, + { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": [ + "Standard_ZRS", + "Standard_GZRS", + "Standard_RAGZRS" + ] + }, + { + "value": "[requestContext().apiVersion]", + "greaterOrEquals": "2025-08-01" + }, + { + "field": "Microsoft.Storage/storageAccounts/accessTier", + "notEquals": "Smart" + } + ] + }, + "then": { + "effect": "[parameters('effect')]", + "details": { + "conflictEffect": "audit", + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab" + ], + "operations": [ + { + "operation": "addOrReplace", + "field": "Microsoft.Storage/storageAccounts/accessTier", + "value": "Smart" + } + ] + } + } +} From 9c2e1d99ae0f2d9ecd5334e336e77c2301c20518 Mon Sep 17 00:00:00 2001 From: kah279 Date: Thu, 5 Mar 2026 13:11:47 -0800 Subject: [PATCH 2/3] remove modify action --- .../README.md | 35 ------------------- .../README.md | 34 ++++++++++++++++++ .../azurepolicy.json | 24 +++---------- .../azurepolicy.parameters.json | 5 ++- .../azurepolicy.rules.json | 15 +------- 5 files changed, 42 insertions(+), 71 deletions(-) delete mode 100644 policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md create mode 100644 policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md rename policyDefinitions/Storage/{configure-smart-tier-for-zrs-storage-accounts => deny-zrs-storage-accounts-without-smart-tier}/azurepolicy.json (66%) rename policyDefinitions/Storage/{configure-smart-tier-for-zrs-storage-accounts => deny-zrs-storage-accounts-without-smart-tier}/azurepolicy.parameters.json (57%) rename policyDefinitions/Storage/{configure-smart-tier-for-zrs-storage-accounts => deny-zrs-storage-accounts-without-smart-tier}/azurepolicy.rules.json (61%) diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md b/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md deleted file mode 100644 index 50f7b909..00000000 --- a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Configure Smart tier for ZRS storage accounts - -This policy ensures that all Standard Zone-Redundant Storage (ZRS) accounts use the Smart access tier. The Smart tier automatically optimizes storage costs by intelligently moving data between access tiers based on access patterns. It targets storage accounts with `Standard_ZRS`, `Standard_GZRS`, and `Standard_RAGZRS` SKUs of kind `StorageV2` or `BlobStorage`. - -The policy supports the following effects: - -- **Modify** (default) – Automatically sets the access tier to Smart on non-compliant ZRS storage accounts. -- **Deny** – Prevents creation or update of ZRS storage accounts that do not use the Smart tier. -- **Audit** – Logs non-compliant ZRS storage accounts without making changes. -- **Disabled** – Turns off the policy evaluation entirely. - -> **Note:** The Modify effect requires requests to use API version `2025-08-01` or later, which supports the Smart access tier. The policy only evaluates requests made with a compatible API version. - -## Try on Portal - -[![Deploy to Azure](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#blade/Microsoft_Azure_Policy/CreatePolicyDefinitionBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FCommunity-Policy%2Fmaster%2FpolicyDefinitions%2FStorage%2Fconfigure-smart-tier-for-zrs-storage-accounts%2Fazurepolicy.json) - -## Try with PowerShell - -````powershell -$definition = New-AzPolicyDefinition -Name "configure-smart-tier-for-zrs-storage-accounts" -DisplayName "Configure Smart tier for ZRS storage accounts" -description "This policy ensures that all Standard ZRS storage accounts use the Smart access tier." -Policy 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json' -Mode All -$definition -$assignment = New-AzPolicyAssignment -Name -Scope -PolicyDefinition $definition -$assignment -```` - -## Try with CLI - -````cli - -az policy definition create --name 'configure-smart-tier-for-zrs-storage-accounts' --display-name 'Configure Smart tier for ZRS storage accounts' --description 'This policy ensures that all Standard ZRS storage accounts use the Smart access tier.' --rules 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json' --mode All - -az policy assignment create --name --scope --policy "configure-smart-tier-for-zrs-storage-accounts" - -```` diff --git a/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md new file mode 100644 index 00000000..44b31202 --- /dev/null +++ b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md @@ -0,0 +1,34 @@ +# Deny ZRS storage accounts without Smart tier + +This policy ensures that all Standard Zone-Redundant Storage (ZRS) accounts use the Smart access tier. The Smart tier automatically optimizes storage costs by intelligently moving data between access tiers based on access patterns. It targets storage accounts with `Standard_ZRS`, `Standard_GZRS`, and `Standard_RAGZRS` SKUs of kind `StorageV2` or `BlobStorage`. + +The policy supports the following effects: + +- **Deny** (default) – Prevents creation or update of ZRS storage accounts that do not use the Smart tier. +- **Audit** – Logs non-compliant ZRS storage accounts without making changes. +- **Disabled** – Turns off the policy evaluation entirely. + +> **Note:** The policy only evaluates requests using API version `2025-08-01` or later, which supports the Smart access tier. Requests made with older API versions are not affected. + +## Try on Portal + +[![Deploy to Azure](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#blade/Microsoft_Azure_Policy/CreatePolicyDefinitionBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FCommunity-Policy%2Fmaster%2FpolicyDefinitions%2FStorage%2Fdeny-zrs-storage-accounts-without-smart-tier%2Fazurepolicy.json) + +## Try with PowerShell + +````powershell +$definition = New-AzPolicyDefinition -Name "deny-zrs-storage-accounts-without-smart-tier" -DisplayName "Deny ZRS storage accounts without Smart tier" -description "This policy ensures that all Standard ZRS storage accounts use the Smart access tier." -Policy 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.parameters.json' -Mode All +$definition +$assignment = New-AzPolicyAssignment -Name -Scope -PolicyDefinition $definition +$assignment +```` + +## Try with CLI + +````cli + +az policy definition create --name 'deny-zrs-storage-accounts-without-smart-tier' --display-name 'Deny ZRS storage accounts without Smart tier' --description 'This policy ensures that all Standard ZRS storage accounts use the Smart access tier.' --rules 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.parameters.json' --mode All + +az policy assignment create --name --scope --policy "deny-zrs-storage-accounts-without-smart-tier" + +```` diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.json b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.json similarity index 66% rename from policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.json rename to policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.json index 5595f2d3..157ccf5b 100644 --- a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.json +++ b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.json @@ -2,8 +2,8 @@ "name": "a3c7bb4e-8e62-4f1d-9c3a-bf5d42e6f9d1", "type": "Microsoft.Authorization/policyDefinitions", "properties": { - "displayName": "Configure Smart tier for ZRS storage accounts", - "description": "This policy ensures that all Standard ZRS storage accounts use the Smart access tier. The Smart tier automatically optimizes storage costs by moving data between access tiers based on access patterns. This policy targets Standard_ZRS, Standard_GZRS, and Standard_RAGZRS SKUs. Requests to modify must use API version 2025-08-01 or later.", + "displayName": "Deny ZRS storage accounts without Smart tier", + "description": "This policy ensures that all Standard ZRS storage accounts use the Smart access tier. The Smart tier automatically optimizes storage costs by moving data between access tiers based on access patterns. This policy targets Standard_ZRS, Standard_GZRS, and Standard_RAGZRS SKUs of kind StorageV2 or BlobStorage. Only requests using API version 2025-08-01 or later are evaluated, as earlier versions do not support the Smart tier.", "metadata": { "version": "1.0.0", "category": "Storage" @@ -14,15 +14,14 @@ "type": "String", "metadata": { "displayName": "Effect", - "description": "Modify, Deny, Audit or Disabled the execution of the Policy" + "description": "Deny, Audit or Disabled the execution of the Policy" }, "allowedValues": [ - "Modify", "Deny", "Audit", "Disabled" ], - "defaultValue": "Modify" + "defaultValue": "Deny" } }, "policyRule": { @@ -58,20 +57,7 @@ ] }, "then": { - "effect": "[parameters('effect')]", - "details": { - "conflictEffect": "audit", - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab" - ], - "operations": [ - { - "operation": "addOrReplace", - "field": "Microsoft.Storage/storageAccounts/accessTier", - "value": "Smart" - } - ] - } + "effect": "[parameters('effect')]" } } } diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.parameters.json similarity index 57% rename from policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json rename to policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.parameters.json index 50b11e1c..470fd378 100644 --- a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.parameters.json +++ b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.parameters.json @@ -3,14 +3,13 @@ "type": "String", "metadata": { "displayName": "Effect", - "description": "Modify, Deny, Audit or Disabled the execution of the Policy" + "description": "Deny, Audit or Disabled the execution of the Policy" }, "allowedValues": [ - "Modify", "Deny", "Audit", "Disabled" ], - "defaultValue": "Modify" + "defaultValue": "Deny" } } diff --git a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.rules.json similarity index 61% rename from policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json rename to policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.rules.json index 4655300f..49c9578b 100644 --- a/policyDefinitions/Storage/configure-smart-tier-for-zrs-storage-accounts/azurepolicy.rules.json +++ b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.rules.json @@ -31,19 +31,6 @@ ] }, "then": { - "effect": "[parameters('effect')]", - "details": { - "conflictEffect": "audit", - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab" - ], - "operations": [ - { - "operation": "addOrReplace", - "field": "Microsoft.Storage/storageAccounts/accessTier", - "value": "Smart" - } - ] - } + "effect": "[parameters('effect')]" } } From a4b3fb652c1fada2bf0247e7aeafb1233dcd452a Mon Sep 17 00:00:00 2001 From: kah279 Date: Sat, 28 Mar 2026 07:55:25 -0700 Subject: [PATCH 3/3] remove readme --- .../README.md | 34 ------------------- 1 file changed, 34 deletions(-) delete mode 100644 policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md diff --git a/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md b/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md deleted file mode 100644 index 44b31202..00000000 --- a/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/README.md +++ /dev/null @@ -1,34 +0,0 @@ -# Deny ZRS storage accounts without Smart tier - -This policy ensures that all Standard Zone-Redundant Storage (ZRS) accounts use the Smart access tier. The Smart tier automatically optimizes storage costs by intelligently moving data between access tiers based on access patterns. It targets storage accounts with `Standard_ZRS`, `Standard_GZRS`, and `Standard_RAGZRS` SKUs of kind `StorageV2` or `BlobStorage`. - -The policy supports the following effects: - -- **Deny** (default) – Prevents creation or update of ZRS storage accounts that do not use the Smart tier. -- **Audit** – Logs non-compliant ZRS storage accounts without making changes. -- **Disabled** – Turns off the policy evaluation entirely. - -> **Note:** The policy only evaluates requests using API version `2025-08-01` or later, which supports the Smart access tier. Requests made with older API versions are not affected. - -## Try on Portal - -[![Deploy to Azure](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#blade/Microsoft_Azure_Policy/CreatePolicyDefinitionBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FCommunity-Policy%2Fmaster%2FpolicyDefinitions%2FStorage%2Fdeny-zrs-storage-accounts-without-smart-tier%2Fazurepolicy.json) - -## Try with PowerShell - -````powershell -$definition = New-AzPolicyDefinition -Name "deny-zrs-storage-accounts-without-smart-tier" -DisplayName "Deny ZRS storage accounts without Smart tier" -description "This policy ensures that all Standard ZRS storage accounts use the Smart access tier." -Policy 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.parameters.json' -Mode All -$definition -$assignment = New-AzPolicyAssignment -Name -Scope -PolicyDefinition $definition -$assignment -```` - -## Try with CLI - -````cli - -az policy definition create --name 'deny-zrs-storage-accounts-without-smart-tier' --display-name 'Deny ZRS storage accounts without Smart tier' --description 'This policy ensures that all Standard ZRS storage accounts use the Smart access tier.' --rules 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/Azure/Community-Policy/master/policyDefinitions/Storage/deny-zrs-storage-accounts-without-smart-tier/azurepolicy.parameters.json' --mode All - -az policy assignment create --name --scope --policy "deny-zrs-storage-accounts-without-smart-tier" - -````