Create and Manage Azure Policy in Azure Portal


Time
1 hour 5 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:01
In this video, we will assign an Azure policy to a resource group scope using Azure Portal.
00:07
Let's switch to Azure Portal and see how this is done.
00:13
For this demo,
00:14
I created a resource group called C Y B ese Policy portal Demo.
00:21
I will create a new policy assignment for this specific resource group.
00:26
The policy that I'm gonna assign will be a required tag policy, which will require a specific tag to be applied to every resource that is created in this resource group.
00:38
Let's go ahead and do that. Go to the policy section.
00:43
I'll look through the definitions
00:46
first. I need to find the policy that I would like to assign.
00:51
There are many tag policies.
00:54
There is a policy which requires a tag and its value.
00:57
These are a fixed tag and a fixed value.
01:00
I will select the specific required tag policy.
01:04
I'll click on it, and I can review what this policy does.
01:10
It enforces the existence of a specific tag. It doesn't apply to a resource group, but it will apply to every resource if I assign this policy on the resource group level.
01:21
I can click Assign
01:25
and I can select the scope for this assignment.
01:30
This will be on the subscription,
01:32
and it will be on the specific resource group that I wanted.
01:37
I'll say Select
01:41
Right now, we don't want to do any exclusions.
01:44
We'll put a name. And for clarity.
01:46
Let's also include the resource Group C Y B ese policy portal, Demo RG.
02:05
And we will say it requires a specified tag or actually requires the owners tag.
02:09
That's how we'll do it.
02:12
We can add any description.
02:15
This policy will require the owner tag for every resource created in the C Y B ese policy portal Demo Resource Group.
02:38
Okay,
02:39
this will be assigned to me.
02:43
It will have enforcement action.
02:46
The next thing we need to specify is the parameters.
02:51
The policy has a single parameter, which is the tag name.
02:54
We'll say the tag name is owner.
02:58
We will require owner for every resource created in the resource group.
03:05
We click next.
03:07
We can leave that by default.
03:10
We will review the policy and will create it
03:15
and the assignment is created.
03:16
We could go back to the Resource group,
03:22
open the resource group.
03:24
When we click on policies,
03:28
we will see that we have the default policies that are applied on the subscription level and also
03:35
the Azure Security Center policies.
03:38
We have required owner tags C Y B ese policy portal, and the compliance state is not started.
03:49
Now
03:50
let's try to go back to the resource group and create a resource in it.
03:53
I'll try to create a simple storage account resource in this resource group.
03:59
I will click it storage account.
04:04
I'll specify a name for it. It's in this resource group.
04:10
We'll say
04:12
C Y B ese policy portal Demo storage.
04:18
I'm going to select West us because it's the closest to me
04:24
and locally redundant storage,
04:27
and we'll just keep to the Wizard,
04:29
and I won't specify any tags.
04:31
I'll review
04:34
and create the resource.
04:40
The deployment begins, but immediately fails because, as you see,
04:46
the resource was disallowed by the policy.
04:48
I cannot go and create any resource that doesn't comply with the policy.
04:55
If I want to go and actually create the storage account,
05:00
I need to specify the owner tag.
05:03
Let's go and do that.
05:05
We'll go back to the resource group.
05:11
We'll click a storage account,
05:18
go through the same wizard and will say C Y B ese policy portal Demo storage.
05:31
Select the closest region
05:34
locally redundant.
05:36
No networking, No advanced.
05:39
Now specify owner tag and I'll say my name.
05:46
We will review that and we will click Create.
05:53
This time the creation of the resource will go through because we complied with the policy.
06:00
As you can see, this time our deployment completed and we have a storage account in the resource group.
06:08
If we click on the resource group, we will see that we have a storage account.
06:12
This storage account has a tag with the name owner and a value my name.
06:20
You just saw how you can use Azure Portal to assign policy to a resource group.
06:25
This policy will be enforced for any resource that is created in this resource group.
06:30
It doesn't matter whether you create the resources from the portal or you're using PowerShell or command line interface.
06:36
In the next video,
06:38
we will see how you can assign policies using command line interface.