In this video, we will assign an Azure Policy to a resource group scope using Azure Portal.
Let's switch to Azure Portal and see how this is done.
For this demo,
I created a resource group called C Y B ese Policy portal Demo.
I will create a new policy assignment for this specific resource group.
The policy that I'm gonna assign will be a required tag policy, which will require a specific tag to be applied to every resource that is created in this resource group.
Let's go ahead and do that. Go to the policy section.
I'll look through the definitions first.
I need to find the policy that I would like to assign.
There are many tag policies.
There is a policy which requires a tag and its value.
These are a fixed tag and a fixed value.
I will select the specific required tag policy.
I'll click on it, and I can review what this policy does.
It enforces the existence of a specific tag. It doesn't apply to a resource group, but it will apply to every resource if I assign this policy on the resource group level.
I can click Assign
and I can select the scope for this assignment.
This will be on the subscription,
and it will be on the specific resource group that I wanted.
I'll say Select.
Right now, we don't want to do any exclusions.
We'll put a name. And for clarity,
let's also include the resource group C Y B ese policy portal, Demo RG.
And we will say it requires a specified tag or actually requires the owners tag.
That's how we'll do it.
We can add any description.
This policy will require the owner tag for every resource created in the C Y B ese policy portal Demo Resource Group.
This will be assigned to me.
It will have enforcement action.
The next thing we need to specify is the parameters.
The policy has a single parameter, which is the tag name.
We'll say the tag name is owner.
We will require owner for every resource created in the resource group.
We click next.
We can leave that by default.
We will review the policy and will create it
and the assignment is created.
We could go back to the Resource group,
open the resource group.
When we click on policies,
we will see that we have the default policies that are applied on the subscription level and also
the Azure Security Center policies.
We have required owner tags, C Y B ese policy portal, and the compliance state is not started.
Let's try to go back to the resource group and create a resource in it.
I'll try to create a simple storage account resource in this resource group.
I will click it storage account.
I'll specify a name for it. It's in this resource group.
C Y B ese policy portal Demo storage.
I'm going to select West US because it's the closest to me
and locally redundant storage,
and we'll just keep to the Wizard,
and I won't specify any tags
and create the resource.
The deployment begins, but immediately fails because, as you see,
the resource was disallowed by the policy.
I cannot go and create any resource that doesn't comply with the policy.
If I want to go and actually create the storage account,
I need to specify the owner tag.
Let's go and do that.
We'll go back to the resource group.
We'll click a storage account,
go through the same wizard and will say C Y B ese policy portal Demo storage.
Select the closest region.
No networking, no advanced.
Now specify owner tag and I'll say my name.
We will review that and we will click Create.
This time the creation of the resource will go through because we complied with the policy.
As you can see, this time our deployment completed and we have a storage account in the resource group.
If we click on the resource group, we will see that we have a storage account.
This storage account has a tag with the name owner and a value my name.
You just saw how you can use Azure Portal to assign policy to a resource group.
This policy will be enforced for any resource that is created in this resource group.
It doesn't matter whether you create the resources from the portal or you're using PowerShell or command line interface.
In the next video,
we will see how you can assign policies using command line interface.