Time
1 hour 7 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
Now let's go ahead and create some custom policies in Visual Studio Code.
00:05
For our exercise, we'll do the following. We will use a built-in policy that restricts the resource types for resources created in a specific resource group. However, instead of denying, we will just change this to auditing.
00:22
We will also create a very simple custom policy that audits the naming conventions used in that resource group.
00:30
And we will also create one more policy which will require specific tags to be applied to the resources in the group
00:40
when we create resources in that resource group. If we don't specify those tags,
00:45
the creation of those resources will be denied.
00:50
At the end, we'll bundle all these policies in a single initiative and apply it to the resource group.
00:57
Let's go ahead and do that.
01:00
We will start with the policy to restrict the resource types allowed in the resource group. There is a built-in policy for that. We'll just copy that built-in policy and modify it slightly.
01:12
We need to go and search for the built-in definitions, and the name of the policy is called Allowed
01:19
resource types. This is the second policy.
01:23
I will open that policy and save it locally to my machine
01:26
so I can say Save As
01:30
and I will put it in a new folder.
01:34
Both cyber the policies
01:37
on my machine
01:38
and I will just rename it to
01:42
system
01:45
allowed resource type
01:51
policy JSON.
01:55
In order to make it a custom policy, we need to remove some of the information. So the first four lines
02:01
we need to leave only the policy rule,
02:05
we will delete the metadata.
02:07
We'll leave the parameters
02:12
and we'll remove the identifier, the name and the type.
02:16
So now we have a policy
02:21
which is exactly the same as the built-in policy. The only thing that will change is instead of having the deny effect, we'll have the audit effect, which means that we will not be denied creating resources,
02:35
uh, but we will
02:38
receive notifications if resources outside the specified list are created.
02:45
So this is our first policy.
02:46
Let's create two other simple policies. So I'll create a new file,
02:53
we will save it in the same location,
02:57
as a JSON file.
03:00
And we will call it
03:02
custom
03:06
enforce name
03:12
policy definition JSON.
03:15
And this will have a very simple rule.
03:20
Let me just copy and
03:23
paste it
03:27
So we'll have a single parameter, that is name pattern. This pattern can include question marks for letters or hash for numbers.
03:38
And if the name doesn't match this pattern,
03:43
we'll have an audit effect on that,
03:46
uh, policy.
03:50
So let's save that.
03:52
And then we will create one more,
03:57
which will be
03:59
require tags. So, okay, the new file
04:02
we'll save it as JSON,
04:06
and we'll call it
04:11
custom required tags
04:16
policy definition.
04:26
Okay. And this one will look like this.
04:32
So we will have a
04:35
policy rule. If
04:39
any of those things are false,
04:42
we'll deny the creation of the resource. What that means is that we will require
04:47
each resource to have a tag owner, a tag owner email, and a tag department.
04:56
So those are the three custom policies that we created.
05:01
We can deploy these policies using the command line interface, but for simplicity, let's go to the portal and do that in the portal.
05:10
So here we are in the portal. I will go to the policy
05:15
set of this
05:16
in the definitions,
05:18
and I will create a new policy definition.
05:26
I will put this policy definition at the subscription level,
05:36
and I will call it audit resource types.
05:45
I'll add some description like policy for auditing resource types.
05:56
And I will go and copy the definition
06:04
from here and paste it in the field.
06:12
I will save this policy.
06:16
If you go and filter by custom policy types, you will see that I have audit resource types and some other test policy that I have created.
06:27
Let's do one more. This time, we will have the second one, which will be
06:33
enforce names
06:39
again. We'll put it on a subscription level,
06:47
and we'll actually call it audit
06:53
resource names.
06:58
This policy
07:01
audits the naming conventions for the resources
07:10
and we'll paste
07:12
the policy inside the field,
07:15
we'll save it.
07:18
So we care for the resource names, then audit resource types. I need to fix my naming convention.
07:27
The last one that we'll do is
07:30
require mandatory tags for the resources.
07:41
new policy definition
07:43
again on the subscription level,
07:50
require mandatory tags policy.
07:58
Oops,
08:05
mandatory tags, requires tags
08:16
and we will save it.
08:18
The next thing we'll do is we'll create an initiative definition.
08:31
We will get only the custom policies,
08:33
so we'll have the resource types, we'll add the resource names, and we'll add the mandatory tags
08:43
and we'll call it our custom initiative.
08:48
This initiative includes
08:52
three
08:54
policies
09:00
Audit resource types,
09:05
audit
09:07
names for resources.
09:09
And
09:11
require mandatory tags.
09:18
We'll save this initiative.
09:22
And actually, I forgot. We need to put name Pattern here, so we will use
09:31
three letters dash a C dust, holy see,
09:35
and maybe
09:39
five other letters
09:41
and the allowed resource types. We also need to select allowed resource types for this initiative.
09:48
It takes a little bit to actually load all those resource types.
09:56
So here are the storage account selections. So we'll go and select all of them.
10:05
Which means that this policy will audit everything that is
10:09
every resource that is not storage account related.
10:26
So the UI is a little bit old
10:35
Last, we will go and save the initiative. And this is
10:41
how you create your initiatives and custom policies.
10:50
In this video, we saw how we can create custom policies and initiatives in Azure.

Up Next

Azure Policies

This course goes into details about Azure Policy and how it can be used for IT governance of Azure resources.

Instructed By

Toddy Mladenov
Instructor