8 hours 33 minutes
Hello, Siberians. Welcome to this demonstration on *** policy.
This demonstration is part of the foot Madu off the is that 500 Microsoft Azure security technologist costs
quick information on the task that will be completing in this demo.
How startled by creating an azure policy initiative
How then assigned the initiative at this description, Scope
on finally are very fighter. My policy initiative is applied.
Let's jump right into this.
So in the first ask, are we creating on azure policy Initiative
aan s a visual representation off. What are between
how create a policy initiative with a goal of ensuring the storage account are configured securely In my subscription,
the initiative will content tree built in policy definitions.
The first definition will be to ensure that secure transfer option is a neighborhood for storage account.
The second will be to ensure that network access is restricted
and the thoughts definition will be to ensure that advance straight protection is enabled on our state to the effect for the three off these definitions to deny.
So here I am in the azure portal. What I'll do is I'll go ahead and click on the stage option on our type in policy and I'll go to Policy Day.
So on Dodger policy, I can see the section on the left hand side for out of in policies. I can see definitions over here so violently contaminations.
So here we can see a list of beauty initiatives and definitions. What I want to do is to create a cost Tom initiative. So if I go ahead and click on Creates initiative definition
for the name of my initiative, our colleagues are just started Security initiative
and for the category are quiet and create a new category called Security.
Now, on the vital side is where can hard in policy definitions into this initiative.
So what? I'll do it sound. First of all, do some filtering our future for storage
on the other future that I'm going to configure is to change the type to Butte in policy definitions that have the word storage. And then
so let's go down and let's pick some interesting one. So, for example, he has a policy definition to ensure that advance straight protection is enabled for storage accounts are go ahead and click the plus sign too hard that
if you have a look incident that the fart effect is audit, if not exist, are go ahead and leave. That
next fall is a definition that I'll be heading to be. The storage account should restrict network access are wide and add that also
the default effective sets toe adi. It's about why it and change that, still denying
they talk policy definition that I'll be having
is this policy definition to ensure that secure transfer is enabled our guide and hard that policy definition
the fault effect is our deeds. Bow set that's to deny
and wasn't done are quiet and click on Save to create my new policy initiative.
So that's created successfully. One order is our future for initiative on our future. For custom initiatives, I can see my custom initiative here that contains Tripolis definitions within it.
In the next task. How be assigning the policy initiated that I just created to my Hodja subscription.
So back in the azure Pato
to assign my new policy initiative one out do is agua heads to the Azure Dash broad How? Click on subscriptions and I have my single subscription DSR Why didn't click and that
now, under my subscription, if I scroll down. I can see the policies, sections are by it and click on policies.
And what are we? Dean is our have the option here that says to assign initiative. So go ahead and click on the option to assign initiative.
Now for the initiative. Definition are selects this option,
and I have my costume initiative at the top there so great and selects that and click on Select.
Now for the policy enforcement I'll leave that has enabled on our go ahead and click on Next to the prime It is So this policy has no permit. Is are ready to find the effects. When I had it in the definitions
so ah, wide and click next on the remediation. I'm not gonna be doing any automatically. Mediations are quiet and click next.
I'll review my policy assignments that I'm creating now, and I'll go ahead and click on Create.
Now that's a signed it immediately.
So now I have my azure storage security initiative now assigned to my subscription at a subscription scope.
If I want us to assign that at a different scope, like let's of Management group, I can guide and do the symptoms so for example, I can set for management and click on management groups.
If I want to assign a policy initiative or policy definition toe this management group, I can select that.
I can click on details I can go to policies and a sign on initiative at the scope.
Now in the final task off this demonstration are verify that my policy initiative is applied. Here is a visual representation off what are between how attempts to create a storage account with secure transferred disabled
on our expect as your policy to block the deployments because it's not complaint with a policy that have defined
so back in the azure Pato. What I'll do is I'll go to create a new recess on our score down and I'll select stoppage account recess.
Now I live that as my subscription, and I've puts that in every such group. I just leave that in the network research group that I've used for previous lessons
for the Storage accounts name. I'll call these stark 98765
Hopefully that's available and that is available for the location. I'll leave that as UK South
and actually connects to go to networking
now for the network connectivity. Metal out violently connects to data protection.
Our click next to advanced. But when we get under the advance tab, I'll switch to secure transfer configuration options from enabled to disabled
on Go ahead and click on review. Plus creates.
And that's random validation and it says validation path. So if I go ahead and click on creates to create thes storage accounts,
Andi, it's filled
on the visit wide field. Let me expand that so you can see it say's it failed because it was disallowed by policy on a specified the name of my initiative as the reason behind that. So my policy initiative looks to be working.
So here is a somebody off what we covered in this demonstration.
I started out by creating on Azure Policy Initiative. I don't assigned the initiative at a subscription scope and finally, ivory fight that my policy initiative is applied. Thanks very much for watching, and I'll see you in the next lesson