Time
1 hour 7 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:01
In the last couple of videos, we saw how we can create policy assignments in Azure.
00:06
We can use the Azure portal; we can use Azure CLI. We can assign policies or policy initiatives.
00:14
Now let's take a look at how we can track our compliance and how we can exclude certain resources from the policy.
00:25
Once again, I am in Azure portal and I can click on the Policy service there
00:30
and I will get my dashboard. Here I can see all the policies that are applied or assigned to my subscription.
00:39
So I have the review CS initiative that we applied in one of the previous videos. I have the audit resource location matching the resource group location, which we applied using the CLI, and I have also the require owner tag
00:58
for the resources
01:00
that we created using Azure portal.
01:03
On the dashboard, you can see
01:07
what is the level of compliance against these policies for all the resources within scope.
01:12
Let's take, for example, the require owner tag. So we see that this is 100% compliant and all
01:22
resources in this resource group are compliant. We have only a single resource there
01:29
which is the storage account
01:32
and the storage account has the proper owner tag. That's why everything is compliant.
01:38
However, let's go back and look at the audit resource location. As you remember in our video, we created a storage account which has a different location than the resource group. That's why this policy is reported as non-compliant. And there is one resource that is not compliant.
01:59
Let's click on this policy
02:00
and when you go inside, you can see every resource that is not compliant. In this particular case, our storage account is not compliant because it is created in East US 2, and the policy requires that this resource is created where the resource group is created
02:20
and in our particular case, that was West US 2.
02:23
Okay,
02:25
let's look at the CS initiative. So we have
02:30
167 out of 181 policies that
02:35
we are compliant with, but 14 are not.
02:38
If I click on the initiative, I will see all the policies that my resources are not compliant with.
02:46
I can go and check each one of those.
02:50
As you can see, there are quite a few
02:53
that we need to go through.
02:59
One thing I can do is I can go and edit the assignment.
03:05
I have a resource group where I put the virtual machine that I will use in the next videos. And I would like to exclude this resource group from
03:14
the initiative. I can go in the exclusion section,
03:20
click on the browse,
03:21
and
03:22
I can
03:23
optionally exclude my
03:29
resource group
03:30
and let me find that. That will be custom policy demo resource group
03:38
from the
03:40
policy or initiative
03:47
I can click next and next. Nothing else changes, and I can save this initiative.
03:54
Once the initiative is saved,
03:58
it will take a while until this policy or initiative gets evaluated and I will see the updated compliance report.
04:10
While waiting for the initiative to be reevaluated, let's take a look at the resources that are not compliant and specifically the resource in the resource group that we excluded. This is the policy demo VM.
04:25
This is just the resource group that has just a single VM. If you click on it, you will see
04:31
that we have nine noncompliant policies for that VM.
04:38
So we have things like system updates should be installed, vulnerabilities in security configurations should be remediated, and so on and so on.
04:46
Once the initiative gets reevaluated, because we excluded this resource group from the
04:54
initiative, we'll see that we will have nine
04:59
fewer noncompliant policies in our report. Let's wait for that to happen.
05:06
After some time,
05:09
the initiative got reevaluated. And as you can see now, we don't have the policy demo VM that is part of the excluded resource group anymore available in the non-compliant resources. Once we exclude
05:24
some resource or scope from the evaluation, we don't see these in the reports anymore.
05:32
In this video, we saw how we can check the policy compliance and how we can exempt resources from the policy evaluation.

Up Next

Azure Policies

This course goes into details about Azure Policy and how it can be used for IT governance of Azure resources.

Instructed By

Toddy Mladenov
Instructor