In the last couple of videos, we saw how we can create policy assignments in Azure.
We can use the Azure portal or we can use Azure CLI. We can assign policies or policy initiatives.
Now let's take a look at how we can track our compliance and how we can exclude certain resources from the policy.
Once again, I'm in the Azure portal, and I can click on the Policy service there.
I will get my dashboard. Here I can see all the policies that are applied or assigned to my subscription.
So I have the preview CIS initiative that we applied in one of the previous videos. I have the audit resource location matching the resource group location policy, which we applied using the CLI, and I also have the require owner tag policy that we created using the Azure portal.
On the dashboard, you can see what the level of compliance is against these policies for all the resources within scope.
Let's take, for example, the require owner tag policy. We see that this is 100% compliant and all resources in this resource group are compliant. We have only a single resource there, which is the storage account, and the storage account has the proper owner tag. That's why everything is compliant.
However, let's go back and look at the audit resource location policy. As you remember, in our video we created a storage account which has a different location than the resource group. That's why this policy is reported as non-compliant, and there is one resource that is not compliant.
Let's click on this policy.
When you go inside, you can see every resource that is not compliant. In this particular case, our storage account is not compliant because it is created in East US 2, and the policy requires that this resource is created where the resource group is created. In our particular case, that was West US 2.
Let's look at the CIS initiative. So we have 167 out of 181 policies that we are compliant with, but 14 are not.
If I click on the initiative, I will see all the policies that my resources are not compliant with.
I can go and check each one of those.
As you can see, there are quite a few that we need to go through.
One thing I can do is go and edit the assignment.
I have a resource group where I put the virtual machine that I will use in the next videos, and I would like to exclude this resource group from the CIS initiative. I can go to the exclusions section and optionally exclude my... let me find that, that will be the custom policy demo resource group, from the policy or initiative.
I can click next and next. Nothing else changes, and I can save this initiative.
Once the initiative is saved, it will take a while until this policy or initiative gets evaluated and I see the updated compliance report.
While waiting for the initiative to be re-evaluated, let's take a look at the resources that are not compliant, and specifically the resource in the resource group that we excluded. This is the policy demo VM.
This is a resource group that has just a single VM. If you click on it, you will see that we have nine non-compliant policies for that VM.
So we have things like system updates should be installed, vulnerabilities in security configurations should be remediated, and so on and so on.
Once the initiative gets re-evaluated, because we excluded this resource group from the initiative, we'll see that we have nine fewer non-compliant policies in our report. Let's wait for that to happen.
The initiative got re-evaluated. And as you can see now, the policy demo VM that is part of the excluded resource group is no longer available in the non-compliant resources. Once we exclude some resource or scope from the evaluation, we don't see it in the reports anymore.
In this video, we saw how we can check policy compliance and how we can exempt resources from the policy evaluation.