Policy as Code Export
Export your entire Azure policy environment as Policy-as-Code.
Push it to your repositories, and keep authoring policies through Clophi, manually, or both.
Overview
Clophi can generate Policy-as-Code from every policy definition, assignment, and initiative in your Azure environment. Output is available as Bicep, Terraform, or ARM Templates, in either parameterized or non-parameterized form, and can be downloaded directly or pushed to a connected Git repository.
Bootstrapping Policy-as-Code
Starting from an existing Azure environment, Clophi can export your entire policy footprint in a single operation. From the Enterprise Policy Center, select the definitions, assignments, and initiatives you want to include, choose your output format, and decide how to deliver the result.
- DownloadExport the generated policies as a local archive.
- Push to repositoryCommit the policies directly to a connected Git repository and open a pull request for review.
Both processes support the same output options:
- Terraform, Bicep, or ARM Template
- Parameterized
- Non-parameterized
Creating Policies After Adoption
Once your repository holds the source of truth, you have two ways to continue authoring policies.
Author with Clophi
Use Clophi to create new definitions, assignments, or initiatives. When you're ready to publish, generate the Policy-as-Code and push it directly to your repository. Clophi commits the file to a branch of your choice and opens a pull request for review.
Author manually
If you prefer to keep using your existing workflows to author and assign policies, Clophi supports this as well. Clophi continuously tracks Azure activity and fetches up-to-date definitions, assignments, and initiatives as they appear.
Any policy created by your existing workflows becomes visible in the Policy Center within the next detection cycle. Open the relevant dashboard, select the new policy, inspect the compliane reports or customize your policy as you like and/or export it as Policy-as-Code from the right tab.
Tracking Changes to Your Policy Repository
Once Policy-as-Code is in place, you can monitor your live policies against your repository. Clophi's Policy Drift Detection tracks every change to definitions, assignments, and initiatives against a captured baseline.
Export your policies as code, store them in Git, and use Policy Drift Detection to flag any change to your live Azure policies that wasn't applied through your authorized pipeline. Your repository becomes the source of truth, and Clophi enforces it.
