Create and Manage Azure Policy in Azure Portal

00:01

In this video, we will assign an azure policy to a resource group scope Using Azure Portal.

00:07

Let's switch to Azure Portal and see how this is done.

00:13

For this demo,

00:14

I created a resource group called C Y B ese Policy portal Demo.

00:21

I will create a new policy assignment for this specific resource group.

00:26

The policy that I'm gonna sign We will be a required tag policy, which will require a specific tag to be applied to every resource that is created in this resource group.

00:38

Let's go ahead and do that. Go to the policy section.

00:43

I'll look through the definitions

00:46

first. I need to find the policy that I would like to assign.

00:51

There are many tag policies.

00:54

There is a policy which requires a tag and its value.

00:57

These are fixed tag and a fixed value.

01:00

I will select the specific required tag policy.

01:04

I'll click on it, and I can review what this policy does.

01:10

It enforces the existence of a specific tag. It doesn't apply to a resource group, but it will apply to every resource. If I assign this policy on the resource group level,

01:21

I can click a sign

01:25

and I can select the scope for this assignment.

01:30

This will be on the subscription,

01:32

and it will be on the specific resource group that I wanted.

01:37

I'll say Select

01:41

right now, we don't want to do any exclusions.

01:44

We'll put a name. And for clarity.

01:46

Let's also include the resource Group C Y B ese policy portal, Demo RG.

02:05

And we will say it requires a specified tag or actually requires the owners tag.

02:09

That's how we'll do it.

02:12

We can add any description.

02:15

This policy will require the owner attack for every resource created in the C Y B ese policy portal Demo Resource Group.

02:38

Okay,

02:39

this will be assigned to me.

02:43

It will have enforcement action.

02:46

The next thing we need to specify is the parameters.

02:51

The policy has a single parameter, which is the tag name.

02:54

We'll say the tag name is owner.

02:58

We will require owner for every resource created in the resource group.

03:05

We click next.

03:07

We can leave that by default.

03:10

We will review the policy and will create it

03:15

and the assignment is created.

03:16

We could go back to the Resource group,

03:22

open the resource group.

03:24

When we click on policies,

03:28

we will see that we have the default policies that are applied on the subscription level and also

03:35

the Azure Security Center policies.

03:38

We have required owner tags. C Y B ese policy portal in the compliance state is not started.

03:49

Now

03:50

let's try to go back to the resource group and create a resource in it.

03:53

I'll try to create a simple storage account resource ing this resource group.

03:59

I will click it storage account.

04:04

I'll specify a name for it. It's in this resource group.

04:10

We'll say

04:12

C Y B ese policy portal Demo storage.

04:18

I'm going to select West us because it's the closest to me

04:24

and locally redundant storage,

04:27

and we'll just keep to the Wizard,

04:29

and I won't specify any tax

04:31

I'll review

04:34

and create the resource.

04:40

The deployment begins, but immediately fails because, as you see,

04:46

the resource was disallowed by the policy.

04:48

I cannot go and create any resource that doesn't comply with the policy.

04:55

If I want to go and actually create the storage account,

05:00

I need to specify the owner attack.

05:03

Let's go and do that.

05:05

We'll go back to the resource group.

05:11

We'll click a storage account,

05:18

go through the same wizard and will say C Y B ese policy portal Demo storage.

05:31

Select the closest region

05:34

locally redundant.

05:36

No networking, No advanced.

05:39

Now specify owner tag and I'll say my name.

05:46

We will review that and we will click Create.

05:53

This time the creation of the resource will go through because we complied with the policy.

06:00

As you can see, this time our deployment completed and we have a storage account in the resource group.

06:08

If we click on the resource group, we will see that we have a storage account.

06:12

This storage account has a tag with the name owner and a value my name.

06:20

You just saw how you can use azure portal to assign policy to a resource group.

06:25

This policy will be enforced for any resource that is created in this resource group.

06:30

It doesn't matter whether you create the resource is from the portal or you're using power shell or command line interface.

06:36

In the next video,