Time
1 hour 7 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:01
in this video, we will was signed on Azur policy to a resource groups call using as a reporter.
00:08
Let's switch to Usher Porto and see how this is them
00:14
for this *** home. I created a resource group called See Why Be ese policy portal Demo.
00:22
I woke it a new policy assignment for the specific resource group.
00:27
The policy that I WAAS sign will be a required tax policy, which will require a specific talk. Toby applied toe every resource that is created in this resource group.
00:40
Let's do that. So go toe the policy section,
00:45
and I looked through the definitions. First, I need to find the policy that I would like to assign
00:52
there many tax policies.
00:55
There is a policy which require stuck in its value, so these are fixed stock and value. I will select the required specific tax policy.
01:06
I will click on it, and I can review what this policy does.
01:10
It enforces existence of a specific attack does not apply to resource group, but it will apply toe every resource. If I assigned this policy on the resource group level,
01:22
I can click a sign
01:26
and I can select the scope for this assignment.
01:32
It will be on this subscription and it will be on the specific resource group
01:37
that I wanted. I will say select
01:42
right now will not do any exclusions.
01:45
We will
01:47
put name and
01:49
for clarity lets and include also the resource group
01:53
See why be ese
01:57
police See,
02:00
I bought the *** all
02:05
Porto demo G and will say require specific
02:10
specified attack or actually require owner stock. That's how we will do it.
02:19
We cannot any description So this policy will require
02:24
owner talk for every resource created in down
02:32
cyber Very sure
02:37
bully See portal
02:40
*** or be so school.
02:44
Okay,
02:46
it will be assigned to me. It will have enforcement
02:51
action
02:52
and the next thing we need to specify the parliamentary. So this policy has a single parliamentary which is the tag name
03:00
and we'll say the tac name is poner so we will require owner
03:06
for every resource created in a resource group.
03:09
We click next,
03:13
we can leave that by default,
03:15
will review the policy and we will create it.
03:20
The assignment is created so we can go back to the resource group
03:25
opened a research group.
03:30
And when we click on policies.
03:32
We will see that we have the default policies that are applied on the subscription level, or soba as your security center policies, and we have a require on it. Owner Tax See why be easy policy Porto
03:49
and these compliance state is not. Stop it
03:53
now. Let's try to go back to the resource group and create a resource in it. I will try to create a simple storage account resource in this resource group.
04:02
I'll click at storage account.
04:10
I will
04:11
specify a name for it.
04:14
So it's in this resource group will say
04:16
Sai Buri ese Policy Porto Demo Storage. I will select West us because it's the closest to me
04:29
and locally redundant storage. How? Just keep through the wizard
04:34
and I will not specify any tax. So I will review
04:41
and
04:42
create the resource.
04:45
So the deployment starts but immediately fares because, as you see the resource waas, these allowed by policy so I cannot go and create a Polish any resource that doesn't comply with the policy.
05:00
If I want to go and actually create this storage account,
05:04
I need toe, specify the owner talk. Let's go and do that
05:11
will go back to the resource group
05:15
and we'll click at
05:16
storage account,
05:25
go through the same wizard and will say cyber. Very sure.
05:30
Holy See *** or
05:31
storage
05:36
Select the closest region
05:40
located on turn. No networking, no advanced. And now specify owner attack and I'll say my name.
05:51
We will review that and we woke. We create.
05:58
And this time the creation of the resource will go through because
06:01
we comply with the policy.
06:04
As you can see, this time, our deployment complete it and we have ah, storage account in the resource group. So if we click on the resource group will see that we have a storage account
06:16
and the storage account has attack with name, owner and the value my name.
06:26
You just saw how you can use azure portal toe assigned policy toe a resource group.
06:31
This policy will be enforced for any resource that is created in this resource group. Doesn't matter whether you create the resource is from the Porto or using a power shell or command line interface.
06:45
In the next video, we will see how you can assign policies using command line interface

Up Next

Azure Policies

This course goes into details about Azure Policy and how it can be used for IT governance of Azure resources.

Instructed By

Instructor Profile Image
Toddy Mladenov
Instructor