Using the Terraform Foundational Policies Library with Microsoft Azure
HashiCorp Terraform is used to simplify Azure deployment and the management process by defining the necessary components as code. The Microsoft Azure provider for Terraform was initially released five years ago and recently updated to version 2.0. In addition to Terraform infrastructure as code, Terraform also provides Sentinel policies as code to configure guardrails that are enforced within the provisioning workflow. Policy enforcement protects against infrastructure changes that don’t follow security, regulatory compliance, or internal business policies.
To aid in the creation of new policies, we recently released a preview of the Terraform Foundational Policies Library for HashiCorp Terraform Cloud and Enterprise. The initial set of 50 policies are based on controls, as defined by the Center for Internet Security Benchmarks, for some of the major cloud providers.
The following video walks through the configuration of two policies, which were defined by CIS Benchmarks, and made available as part of the Terraform Foundational Policies Library and how to apply them to an Azure configuration. The first policy being applied is to verify that all managed disks are encrypted. The second policy is to check the extensions being installed, ensuring only those of which were approved are allowed. These policies are combined with an already existing Sentinel rule and checked with every Terraform plan operation.
» Applying Policy as Code to Microsoft Azure
» More Information
If you would like to know more about the Terraform Foundational Policies Library or how to get started with additional policies, please review the documentation. To learn more about using Terraform with Sentinel, visit the HashiCorp Learn Platform.
For more information on Terraform Cloud and Enterprise visit the Terraform product page or to get started today, sign-up for a Terraform Cloud account.
Sign up for the latest HashiCorp news
More blog posts like this one

Terraform ephemeral resources, Waypoint actions, and more at HashiDays 2025
HashiCorp Terraform, Waypoint, and Nomad continue to simplify hybrid cloud infrastructure with new capabilities that help secure infrastructure before deployment and effectively manage it over time.

Terraform migrate 1.1 adds VCS workspace support and enhanced GitOps
Terraform migrate 1.1 adds support for VCS workspaces, expanded Git capabilities, and greater control through both the CLI.

Terraform adds new pre-written Sentinel policies for AWS Foundational Security Best Practices
HashiCorp and AWS introduced a new pre-written policy library to help organizations meet AWS’s Foundational Best Security Practices (FSBP).