1 hour 7 minutes
Now let's go ahead and create some custom policies in visual Studio called
for. Our exercise will do. The four wing will use a built in policy that restricts the resource types for a resource is created in a specific resource club. However instant denying it will just change this toe auditing.
We will also create a very simple custom policy that audits the naming conventions used in that resource group.
And we will also create one more policy which will require specific tax to be applied to the resource is in the group
when we create resource is in that resource group. If we don't specify door stocks,
those creation, the creation of those resources will be denied.
At the end, we'll bundle all these policies in a single initiative and applied to the resource group.
Let's go ahead and do that.
We will start with the policy to restrict the resource types a lot in the resource group. There is a built in policy for that. We'll just copy that building policy and modify its lately
we need to go and search for the building definitions in the name of the policies called alone
resource types. This is the second policy.
I will open that policy and save it locally toe my machine
so I can't say save us
and I will put it in a new folder.
Both cyber the policies
on my machine
and I will just rename it to
a low resource type
policy case on.
In order to make it a Kristen policy, we need toe remove some of the information. So the 1st 4 lines
we need to live on Lee the policy rule,
we will delete the meta data.
We'll leave the para matters
and we'll remove the identifier, the name and the type.
So now we have a policy
which is exactly the same as the built in policy. The only thing that will change is instant. Having the deny effect will have the audit effect, which means that will not be denied. Creating resource is,
uh but we will
receive notifications if resource is outside, the specified least are created.
So this is our first policy.
Let's create a two other simple policies so or create a new file,
we will save it in the same location,
said Jason file.
And we will call it
in forced name
policy definition, Jason.
And this will have a very simple room.
Let me just copy and
so we'll have a single parameter that hiss named Pattern. This Parton can include question marks for letters or hash for numbers.
And if the name doesn't match this bottom,
we'll have ah, old it effect on that,
So let's save that.
And then we will create a one more,
which will be
require talks. So okay, the new file
we'll save it does said Jason,
and we'll call it
custom required tax
Okay. And this one will look like this.
So we will have ah,
policy rule. If
any of those things are false,
will deny the creation of the resource. What that means is that we will require
each resource tohave attack owner attack only male and talk department.
So those are the three custom policies that we created.
We can deport these policies using command line interface, but for simplicity, let's go to the portal and do that in the portal.
So here are we in the porter. I will go to the policy
set of this
in the definitions,
and I will create a new policy definition.
I will put this policy definition of the subscription level,
and I will co eight old IT resource types.
How are some description like policy for all the thing resource types?
And I will go and copy the definition
from here and paste it in the field.
I will save these policy.
If you go and filter by custom policy types, you will see that I have all the resource types and some other tests policy that I have created.
Let's do one more thes time. We will have the 2nd 1 which will be
again. We'll put it on a subscription level,
and we'll actually call it all did
The's bully sees this policy
all these the naming conventions for the resource is
and well paced.
The policy inside the field
will save it.
So we care for the resource names, then all the resource types I need toe fix my naming convention.
The last one that will do is
require mandatory tax for the resource. Is
new policy definition
again on the subscription level,
require mandatory tax policy.
mandatory tax requires tax
and we will save it.
The next thing we'll do is we'll create initiative definition.
We will get only the custom policies,
so we'll have the resource types Will the research names and well at the mandatory tax
and we'll call it our custom initiative.
This initiative includes
All the resource types
names for resources.
I think wire mandatory tax
will save these initiative.
And actually, I forgot. We need to put name Pattern here, so we will use
three letters dash a C dust, holy see,
five other letters
and the allowed resource types. We also need to select a lot resource types for this initiative.
It takes a little bit toe, actually load all those resource types.
So here are the storage account selections. So we'll go and select all of them.
Which means that this policy will hold it. Everything that is
every resource that is. No, the storage account related.
So the u wise a little bit old
last, we will go and save the initiative. And this is
how you create your initiatives and custom policies.
In this video, we saw how we can create custom policies in initiative cynosure
Implement IoT Hub Endpoints and Consumer Groups
This IT Pro Challenge hands-on lab shows learners how to implement and configure an Azure ...
Learn On Demand
AZ-500: Microsoft Azure Security Technologies
In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are ...
9 CEU/CPE Hours Available
Certificate of Completion Offered