Skip to main content


Azure Policy definitions mapped to the NZISM.

Security template of Microsoft’s Azure Policy definitions

Microsoft provides guidance on Azure Policy definitions and how they map, at the ‘RESTRICTED’ level or below, to the controls in the New Zealand Information Security Manual (NZISM).

Microsoft’s mapping tables include:

  • the NZISM controls being met
  • identifications with an NZISM benchmark
  • ownership of each control
  • names in the Azure portal
  • descriptions
  • effects
  • versions in GitHub — template commits.

Details of the New Zealand ISM Restricted Regulatory Compliance built-in initiative — Microsoft

NZISM Restricted blueprint sample

Azure’s blueprint sample helps government organisations to deploy architecture using the Azure Policy that maps to security controls in the NZISM.

The blueprint sample lists how to deploy the core set of policies and the artifact:

  • names
  • types
  • parameters
  • descriptions.

New Zealand ISM Restricted blueprint — Microsoft

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated