Create and Manage Azure Policy Using Azure CLI
1 hour 5 minutes
In the last video, we saw how we can create a policy assignment using Azure portal.
When you develop automation scripts, you would like to use command line interface to assign the policies.
Let's see how we can use Azure command line interface to do that.
If you have Azure CLI installed on your local machine,
you can run those commands from your local machine.
But you could also run this in Azure Cloud Shell.
Here I am in Azure Portal and I'm gonna begin starting Cloud Shell.
I also created a resource group for this demo.
I called it C Y B ese policy cli demo.
The first thing I need to do is I need to get information about the resource group.
I can run a CLI command to get the details about the resource group.
I have the ID, location and so on, everything that I need about this resource group.
The next thing is, I need to get information about the policy that I'm going to apply
for this demo. I will apply the policy called Audit resource location matches the resource group location.
What that means is that the resources that are created in the resource group need to have the same location as the resource group.
Let's get information about this policy.
This is the policy and the information that I will need from it is the name.
Now I can issue a command to do the policy assignment.
Here are the steps.
First thing is,
Azure CLI has a policy command
and we'll say az policy assignment create.
the next thing I need to provide is a friendly name for the assignment.
In my case, I will use audit resource location
Next, eventually, display name, which will be helpful to find this policy assignment.
I'll just put audit resource location, matches the resource group,
the name of the resource group location,
and then we need to specify the scope.
The scope needs to include the identifier of the resource group
because we would like to put this at the resource group scope.
I'll copy the identifier.
I need to provide the full identifier of this group,
and the last thing I need to do is I need to identify the policy I want to assign.
In this particular case, we will use the policy name
And once I actually issued a command,
I received a successful message back, and this policy will be assigned to the resource group.
You can check this by going back to the resource group in Azure Portal
and clicking on the policy section.
You will see that audit resource location matches Resource Group
location is already assigned.
The policy is not evaluated yet. As you can see,
it's not started.
Let's go in the resource group and create a new resource there.
But before I do that, I want to check where the resource group is placed
and I find out it is in West US.
I will create a new resource that is not in this location. So we can see later how this policy reports on compliance.
Let's go back and we'll just create a simple storage account, which is based in East US 2.
We will search for storage account,
blob, file, table and queue, and will just create a new one in a different location than the resource group.
We will call it C Y B ese policy cli demo storage,
and we will pick up East US 2.
We will leave the rest, actually, by default.
As you can see, because this is an audit policy, not enforcement policy, I am able to create a resource that is not in the location that the resource group has.
I'm not prevented from creating those resources.
We will see later this will be an out of compliance resource.
In this video, we saw how we can use Azure CLI to assign policies.
In the next video, we will look at how we can do assignments for initiatives.
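
The assignment steps described in this video, written out as Azure CLI commands in an added example that is not taken from the video itself. The assignment name `audit-resource-location` and the function names are assumptions made for illustration, and the resource group name is passed in as an argument.

```shell
#!/bin/sh
# Added example: the assignment steps from the transcript as Azure CLI calls.
# Constructed values: ASSIGNMENT_NAME and the resource group you pass in.

POLICY_DISPLAY_NAME='Audit resource location matches resource group location'
ASSIGNMENT_NAME='audit-resource-location'   # constructed friendly name

# True only for a full resource-group ID, the form --scope needs here.
# A bare group name or a deeper resource ID is rejected.
is_rg_scope() {
  case "$1" in
    /subscriptions/*/resourceGroups/*/*) return 1 ;;
    /subscriptions/?*/resourceGroups/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Assign the built-in audit policy to one resource group.
# The body runs in a subshell, so its variables stay local.
assign_location_audit() (
  rg="$1"
  # Step 1: look up the resource group and keep its full ID.
  scope=$(az group show --name "$rg" --query id --output tsv)
  is_rg_scope "$scope" || { echo "not a resource group ID: $scope" >&2; exit 1; }

  # Step 2: find the definition and keep its name, as in the video.
  policy=$(az policy definition list \
    --query "[?displayName=='$POLICY_DISPLAY_NAME'].name" --output tsv)
  [ -n "$policy" ] || { echo "policy definition not found" >&2; exit 1; }

  # Step 3: create the assignment at resource-group scope.
  az policy assignment create \
    --name "$ASSIGNMENT_NAME" \
    --display-name "$POLICY_DISPLAY_NAME" \
    --scope "$scope" \
    --policy "$policy"
)

# List resources the audit policy flags. Empty until evaluation has run.
list_noncompliant() (
  az policy state list --resource-group "$1" \
    --query "[?complianceState=='NonCompliant'].resourceId" --output tsv
)
```

After sourcing the file in Cloud Shell, run `assign_location_audit <resource-group-name>`. Because this is an audit policy, `list_noncompliant` only reports resources and does not block their creation.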