1 hour 5 minutes
throughout. Of course, we've created an assigned several policies and initiatives.
Let's look at how we can retrieve the data, the compliance data from those policies and initiatives.
I'll switch to the portal first, and we will look at the reporting capabilities there.
Let's look at how we can retrieve the compliance data in the portal.
The easiest way to do that is to go to the policy section.
You can see all the policies and initiatives that you have applied across your scopes.
If you click on view, all we'll explore a little bit about those.
The first thing is I also applied some of the key vault policies to a resource group in my subscription.
As you can see, there are quite a few here that are not compliant.
You can also see your overall compliance score the non compliant initiatives, three noncompliant policies
and the non compliant resource is
you can filter by each one of them.
That's gonna explore one of our key vault policies.
Let's say the manage minimums key size for RSA certificates.
If I click on that policy,
I will see details about this specific policy.
It is related to the key vault and if I click on it, I could go deeper and see exactly which certificates are non compliant.
I have also applied our custom initiative toe one of the resource groups.
If I click on it, I will see that
most of the things that we specified in this initiative are not followed for the specific resource group.
Let's say all the resource types. I have seven re sources that are not compliant.
As you remember, we said that actually, we will have on Lee storage account in this resource group.
But we have other things like, for example, websites, server farms and so on.
If we go back to our custom initiative,
we can also see that the resource names are non compliant.
Surprisingly, there are also re sources that are created in the resource group
that are not compliant with the tax.
One thing you can do is you can take a look at the reason for non compliance.
If you click on a specific resource, you can go and see noncompliance reason, and you'll get more details about the non compliance.
In this particular case, the current value is Sai Buri ese Policy Test one
and we required six letters for the last component of the name.
That is the reason why this resource is non compliant with the policy
using azure portal to view information in the policy. Compliance is nice, but maybe not everybody has access to the azure portal or the policy service there.
Sometimes you also want to export data policy data or compliance data and integrated with other external governance tools.
Azure gives you that functionality
you can use as your CLI or power shell to export the information from as your policy.
If you do a Z Policy state list,
you will receive information about all the policies that are applied in your subscriptions with details of their compliance.
You can take this information and send it to your GRC tool and integrated with it.
You can also summarize the policies by going easy policy state
You will get a summary of your compliance state.
You can manage individual events if you say a Z policy event
and you can list all the events that are related to the policy or you can quit it just for the specific events.
Using azure, CLI and power shell, you could do all this and integrate as your policy with external GRC tools,
as you can see as your gives you a lot of flexibility on how to retrieve policy data and report on your compliance.