in this video, we will was signed on Azur policy to a resource groups call using as a reporter.
Let's switch to Usher Porto and see how this is them
for this *** home. I created a resource group called See Why Be ese policy portal Demo.
I woke it a new policy assignment for the specific resource group.
The policy that I WAAS sign will be a required tax policy, which will require a specific talk. Toby applied toe every resource that is created in this resource group.
Let's do that. So go toe the policy section,
and I looked through the definitions. First, I need to find the policy that I would like to assign
there many tax policies.
There is a policy which require stuck in its value, so these are fixed stock and value. I will select the required specific tax policy.
I will click on it, and I can review what this policy does.
It enforces existence of a specific attack does not apply to resource group, but it will apply toe every resource. If I assigned this policy on the resource group level,
I can click a sign
and I can select the scope for this assignment.
It will be on this subscription and it will be on the specific resource group
that I wanted. I will say select
right now will not do any exclusions.
put name and
for clarity lets and include also the resource group
See why be ese
I bought the *** all
Porto demo G and will say require specific
specified attack or actually require owner stock. That's how we will do it.
We cannot any description So this policy will require
owner talk for every resource created in down
cyber Very sure
bully See portal
*** or be so school.
it will be assigned to me. It will have enforcement
and the next thing we need to specify the parliamentary. So this policy has a single parliamentary which is the tag name
and we'll say the tac name is poner so we will require owner
for every resource created in a resource group.
We click next,
we can leave that by default,
will review the policy and we will create it.
The assignment is created so we can go back to the resource group
opened a research group.
And when we click on policies.
We will see that we have the default policies that are applied on the subscription level, or soba as your security center policies, and we have a require on it. Owner Tax See why be easy policy Porto
and these compliance state is not. Stop it
now. Let's try to go back to the resource group and create a resource in it. I will try to create a simple storage account resource in this resource group.
I'll click at storage account.
specify a name for it.
So it's in this resource group will say
Sai Buri ese Policy Porto Demo Storage. I will select West us because it's the closest to me
and locally redundant storage. How? Just keep through the wizard
and I will not specify any tax. So I will review
create the resource.
So the deployment starts but immediately fares because, as you see the resource waas, these allowed by policy so I cannot go and create a Polish any resource that doesn't comply with the policy.
If I want to go and actually create this storage account,
I need toe, specify the owner talk. Let's go and do that
will go back to the resource group
and we'll click at
go through the same wizard and will say cyber. Very sure.
Holy See *** or
Select the closest region
located on turn. No networking, no advanced. And now specify owner attack and I'll say my name.
We will review that and we woke. We create.
And this time the creation of the resource will go through because
we comply with the policy.
As you can see, this time, our deployment complete it and we have ah, storage account in the resource group. So if we click on the resource group will see that we have a storage account
and the storage account has attack with name, owner and the value my name.
You just saw how you can use azure portal toe assigned policy toe a resource group.
This policy will be enforced for any resource that is created in this resource group. Doesn't matter whether you create the resource is from the Porto or using a power shell or command line interface.
In the next video, we will see how you can assign policies using command line interface