Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Siberians. Welcome to this demonstration on *** policy.
00:05
This demonstration is part of the foot Madu off the is that 500 Microsoft Azure security technologist costs
00:12
quick information on the task that will be completing in this demo.
00:17
How startled by creating an azure policy initiative
00:21
How then assigned the initiative at this description, Scope
00:25
on finally are very fighter. My policy initiative is applied.
00:29
Let's jump right into this.
00:32
So in the first ask, are we creating on azure policy Initiative
00:37
aan s a visual representation off. What are between
00:41
how create a policy initiative with a goal of ensuring the storage account are configured securely In my subscription,
00:49
the initiative will content tree built in policy definitions.
00:54
The first definition will be to ensure that secure transfer option is a neighborhood for storage account.
01:00
The second will be to ensure that network access is restricted
01:03
and the thoughts definition will be to ensure that advance straight protection is enabled on our state to the effect for the three off these definitions to deny.
01:14
So here I am in the azure portal. What I'll do is I'll go ahead and click on the stage option on our type in policy and I'll go to Policy Day.
01:25
So on Dodger policy, I can see the section on the left hand side for out of in policies. I can see definitions over here so violently contaminations.
01:34
So here we can see a list of beauty initiatives and definitions. What I want to do is to create a cost Tom initiative. So if I go ahead and click on Creates initiative definition
01:47
for the name of my initiative, our colleagues are just started Security initiative
01:53
and for the category are quiet and create a new category called Security.
01:59
Now, on the vital side is where can hard in policy definitions into this initiative.
02:05
So what? I'll do it sound. First of all, do some filtering our future for storage
02:10
on the other future that I'm going to configure is to change the type to Butte in policy definitions that have the word storage. And then
02:20
so let's go down and let's pick some interesting one. So, for example, he has a policy definition to ensure that advance straight protection is enabled for storage accounts are go ahead and click the plus sign too hard that
02:32
if you have a look incident that the fart effect is audit, if not exist, are go ahead and leave. That
02:39
next fall is a definition that I'll be heading to be. The storage account should restrict network access are wide and add that also
02:47
the default effective sets toe adi. It's about why it and change that, still denying
02:53
they talk policy definition that I'll be having
02:57
is this policy definition to ensure that secure transfer is enabled our guide and hard that policy definition
03:04
the fault effect is our deeds. Bow set that's to deny
03:08
and wasn't done are quiet and click on Save to create my new policy initiative.
03:15
So that's created successfully. One order is our future for initiative on our future. For custom initiatives, I can see my custom initiative here that contains Tripolis definitions within it.
03:30
In the next task. How be assigning the policy initiated that I just created to my Hodja subscription.
03:38
So back in the azure Pato
03:40
to assign my new policy initiative one out do is agua heads to the Azure Dash broad How? Click on subscriptions and I have my single subscription DSR Why didn't click and that
03:53
now, under my subscription, if I scroll down. I can see the policies, sections are by it and click on policies.
04:00
And what are we? Dean is our have the option here that says to assign initiative. So go ahead and click on the option to assign initiative.
04:06
Now for the initiative. Definition are selects this option,
04:12
and I have my costume initiative at the top there so great and selects that and click on Select.
04:19
Now for the policy enforcement I'll leave that has enabled on our go ahead and click on Next to the prime It is So this policy has no permit. Is are ready to find the effects. When I had it in the definitions
04:31
so ah, wide and click next on the remediation. I'm not gonna be doing any automatically. Mediations are quiet and click next.
04:39
I'll review my policy assignments that I'm creating now, and I'll go ahead and click on Create.
04:46
Now that's a signed it immediately.
04:48
So now I have my azure storage security initiative now assigned to my subscription at a subscription scope.
04:58
If I want us to assign that at a different scope, like let's of Management group, I can guide and do the symptoms so for example, I can set for management and click on management groups.
05:09
If I want to assign a policy initiative or policy definition toe this management group, I can select that.
05:15
I can click on details I can go to policies and a sign on initiative at the scope.
05:20
Now in the final task off this demonstration are verify that my policy initiative is applied. Here is a visual representation off what are between how attempts to create a storage account with secure transferred disabled
05:33
on our expect as your policy to block the deployments because it's not complaint with a policy that have defined
05:41
so back in the azure Pato. What I'll do is I'll go to create a new recess on our score down and I'll select stoppage account recess.
05:48
Now I live that as my subscription, and I've puts that in every such group. I just leave that in the network research group that I've used for previous lessons
05:57
for the Storage accounts name. I'll call these stark 98765
06:02
Hopefully that's available and that is available for the location. I'll leave that as UK South
06:09
and actually connects to go to networking
06:12
now for the network connectivity. Metal out violently connects to data protection.
06:16
Our click next to advanced. But when we get under the advance tab, I'll switch to secure transfer configuration options from enabled to disabled
06:27
on Go ahead and click on review. Plus creates.
06:30
And that's random validation and it says validation path. So if I go ahead and click on creates to create thes storage accounts,
06:39
Andi, it's filled
06:40
on the visit wide field. Let me expand that so you can see it say's it failed because it was disallowed by policy on a specified the name of my initiative as the reason behind that. So my policy initiative looks to be working.
06:55
So here is a somebody off what we covered in this demonstration.
07:00
I started out by creating on Azure Policy Initiative. I don't assigned the initiative at a subscription scope and finally, ivory fight that my policy initiative is applied. Thanks very much for watching, and I'll see you in the next lesson

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor