| title | description | ms.date | ms.topic |
|---|---|---|---|
Pattern: The count operator in a policy definition |
This Azure Policy pattern provides an example of how to use the count operator in a policy definition. |
08/17/2021 |
sample |
The count operator evaluates members of a [*] alias.
This policy definition audits Network Security Groups configured to allow inbound Remote Desktop Protocol (RDP) traffic.
:::code language="json" source="~/policy-templates/patterns/pattern-count-operator.json":::
The core components of the count operator are field, where, and the condition. Each is highlighted in the following snippet.
- field tells count which alias to evaluate members of. Here, we're looking at the securityRules[*] alias array of the network security group.
- where uses the policy language to define which array members meet the criteria. In this example, an allOf logical operator groups three different condition evaluations of alias array properties: direction, access, and destinationPortRange.
- The count condition in this example is greater. Count evaluates as true when one or more members of the alias array matches the where clause.
:::code language="json" source="~/policy-templates/patterns/pattern-count-operator.json" range="12-32" highlight="3,4,20":::
- Review other patterns and built-in definitions.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.