The Azure Marketplace easily enables us to add new types of VMs to any Azure environment. Sometimes those VMs can have additional charges that were not approved. Sometimes those VMs come from a 3rd party source that was not approved. Unfortunately the Azure Marketplace can only be disabled or enabled for EA (Enterprise Agreement) customers according to the Marketplace FAQ, by now. This situation is far from ideal from a governance perspective.
In this post I will show you how to use the Azure Policy service to audit or even deny the creation of those VMs.
