diff --git a/main.tf b/main.tf
index 34a6fc0..bc64911 100644
--- a/main.tf
+++ b/main.tf
@@ -75,6 +75,10 @@ resource "azurerm_kubernetes_cluster" "aks" {
 kube_dashboard {
 enabled = var.enable_kube_dashboard
 }
+
+ azure_policy {
+ enabled = var.enable_azure_policy
+ }

 dynamic "oms_agent" {
 for_each = (var.log_analytics_workspace_id != null ? [1] : [])
diff --git a/variables.tf b/variables.tf
index 9fae3fb..3b82b39 100644
--- a/variables.tf
+++ b/variables.tf
@@ -271,6 +271,12 @@ variable "enable_kube_dashboard" {
 default = false
 }

+variable "enable_azure_policy" {
+ description = "to apply at-scale enforcements and safeguards on your clusters in a centralized, consistent manner"
+ type = bool
+ default = false
+}
+
 variable "acr_pull_access" {
 description = "map of ACR ids to allow AcrPull"
 type = map(string)
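Review bot: The `azure_policy` block in main.tf is emitted unconditionally, so every consumer of the module needs an azurerm provider release that recognises this block, even when `enable_azure_policy` stays false. No change to a provider version constraint is visible in this diff; if the module pins a minimum version elsewhere, confirm it covers this add-on, otherwise plan would presumably fail with an unsupported-block error. The block that encloses `kube_dashboard` and `azure_policy` starts outside the hunk, so its placement could not be checked from here.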
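Review bot: The description of `enable_azure_policy` is a sentence fragment that never names what the flag turns on; something like `description = "Enable the Azure Policy add-on for AKS (policy assignments are created separately)"` tells the caller what they get. Enabling the add-on does not by itself enforce anything until policy definitions or initiatives are assigned to the cluster's scope, and the current wording suggests otherwise. With `default = false` the add-on is opt-in, which leaves existing clusters unchanged but means new clusters come up without the policy agent unless the caller sets it; that is worth stating in the description or the README.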