1 hour 5 minutes
in this video,
we will create the initiative assignment using Azure portal.
I will assign this initiative on my subscription level. In the initiative that I chose to assign is the CSCE benchmark for Azure.
Let's switch to Azure Portal and do that.
Here I am again in Azure Portal. And in order to assign the initiative, I need to go to the Policy service.
Let's find the definition for the initiative.
Click on definitions and
here I will search for CS.
This is the C s initiative that is a built in initiative in Azure.
You can look at all the policies that are included and they all match the C s version 1 10 of the benchmark.
let's go on to sign the initiative.
I'll choose the scope.
The scope of this assignment will be the subscription.
I will leave the resource group open or not filled in because I would like the initiative to be evaluating everything which is within the subscription.
We can do some exclusions, but
we will do that in our next lecture.
We will enable enforcement of this initiative.
This initiative requires two parameters.
One is the region where the network watchers should be enabled.
The other one is a list of virtual machine extensions that are approved for use.
Those are the default ones.
I will change the location of the Watcher to West us, too.
I'll go next.
We'll leave that as a default. To manage the identity.
We will review the policy initiative and we will click Create.
What this will do is it will go on a sign on my subscription.
If we go back to this policy
and you can see now that the policy initiative is assigned on a subscription level
in our next video,
we will take a look at how we can evaluate those policies and exclude resource is from them.