Retrieving Compliance Data

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 5 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
throughout. Of course, we've created an assigned several policies and initiatives.
00:05
Let's look at how we can retrieve the data, the compliance data from those policies and initiatives.
00:11
I'll switch to the portal first, and we will look at the reporting capabilities there.
00:16
Let's look at how we can retrieve the compliance data in the portal.
00:20
The easiest way to do that is to go to the policy section.
00:24
You can see all the policies and initiatives that you have applied across your scopes.
00:30
If you click on view, all we'll explore a little bit about those.
00:35
The first thing is I also applied some of the key vault policies to a resource group in my subscription.
00:41
As you can see, there are quite a few here that are not compliant.
00:47
You can also see your overall compliance score the non compliant initiatives, three noncompliant policies
00:54
and the non compliant resource is
00:56
you can filter by each one of them.
00:58
That's gonna explore one of our key vault policies.
01:00
Let's say the manage minimums key size for RSA certificates.
01:07
If I click on that policy,
01:08
I will see details about this specific policy.
01:11
It is related to the key vault and if I click on it, I could go deeper and see exactly which certificates are non compliant.
01:23
I have also applied our custom initiative toe one of the resource groups.
01:29
If I click on it, I will see that
01:32
most of the things that we specified in this initiative are not followed for the specific resource group.
01:38
Let's say all the resource types. I have seven re sources that are not compliant.
01:44
As you remember, we said that actually, we will have on Lee storage account in this resource group.
01:49
But we have other things like, for example, websites, server farms and so on.
01:57
If we go back to our custom initiative,
02:00
we can also see that the resource names are non compliant.
02:04
Surprisingly, there are also re sources that are created in the resource group
02:08
that are not compliant with the tax.
02:13
One thing you can do is you can take a look at the reason for non compliance.
02:22
If you click on a specific resource, you can go and see noncompliance reason, and you'll get more details about the non compliance.
02:30
In this particular case, the current value is Sai Buri ese Policy Test one
02:37
and we required six letters for the last component of the name.
02:44
That is the reason why this resource is non compliant with the policy
02:51
using azure portal to view information in the policy. Compliance is nice, but maybe not everybody has access to the azure portal or the policy service there.
03:01
Sometimes you also want to export data policy data or compliance data and integrated with other external governance tools.
03:12
Azure gives you that functionality
03:16
you can use as your CLI or power shell to export the information from as your policy.
03:23
If you do a Z Policy state list,
03:30
you will receive information about all the policies that are applied in your subscriptions with details of their compliance.
03:38
You can take this information and send it to your GRC tool and integrated with it.
03:45
You can also summarize the policies by going easy policy state
03:47
summarize.
03:52
You will get a summary of your compliance state.
03:57
You can manage individual events if you say a Z policy event
04:01
and you can list all the events that are related to the policy or you can quit it just for the specific events.
04:10
Using azure, CLI and power shell, you could do all this and integrate as your policy with external GRC tools,
04:19
as you can see as your gives you a lot of flexibility on how to retrieve policy data and report on your compliance.
Up Next