Azure Policy Service with a Real-World Example
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.
We will create real Azure resources, assign real auditable flags (in the form of Azure tags), and then create a policy to prove the audit state of the objects with Azure policy reporting.
Create Two Virtual Networks
1. Create the first virtual network.
· The name can be anything ("HubvNet1" in this example).
· The primary address space should be 10.0.0.0/24.
· The subnet address range should be 10.0.0.0/26.
2. Create a second virtual network.
· The name can be anything ("SpokeVnet1" in this example).
· The primary address space should be 10.10.10.0/24.
· The subnet address range should be 10.10.10.0/26.
Create a Tag for Each Virtual Network
1. Add a tag to HubvNet1.
· Name: Audit
· Value: Yes
2. Add a tag to SpokeVnet1.
· Name: Audit
· Value: No
Create a Policy
in the case of the subscriptions and resource groups, the only available option.
1. Create a policy: Compliance > Assign Policy.
2. Narrow the scope to our resource group: go to BASIC and click on the rectangle button.
3. Search for "Tag" in the available policy definitions list.
4. Choose "Require tag and its value".
5. Set the Tag Name to Audit and the Tag value to Yes.
7. After 15–30 minutes, narrow the scope of the Compliance blade to the resource group; it should refresh to show the policy as non-compliant: 50%.
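To make the 50% result concrete, here is an added Python example (not part of the original walkthrough, and not Azure's own evaluation engine) that applies a rule of the same shape as "Require tag and its value" to constructed records of the two VNets above. The resource records, the reduced operator set (field/equals/not/allOf) and the percentage rounding are assumptions made for this illustration.

```python
# Added example (not Azure's engine): a local stand-in for how Azure Policy
# evaluates "Require tag and its value"; supports only field/equals/not/allOf.
import re

# Constructed records for the two VNets created in the walkthrough.
RESOURCES = [
    {"name": "HubvNet1", "tags": {"Audit": "Yes"}},
    {"name": "SpokeVnet1", "tags": {"Audit": "No"}},
]

# Same shape as the built-in rule, with the walkthrough's parameters
# (tagName=Audit, tagValue=Yes) substituted in; 'audit' only flags.
AUDIT_TAG_POLICY = {
    "if": {"not": {"field": "tags['Audit']", "equals": "Yes"}},
    "then": {"effect": "audit"},
}
_TAG_FIELD = re.compile(r"^tags\['(.+)'\]$")

def field_value(resource, field):
    """Resolve a policy field alias; a missing tag resolves to None."""
    m = _TAG_FIELD.match(field)
    if m:
        return resource.get("tags", {}).get(m.group(1))
    return resource.get(field)

def condition_matches(resource, cond):
    """Evaluate one policy condition; unsupported operators raise."""
    if "not" in cond:
        return not condition_matches(resource, cond["not"])
    if "allOf" in cond:
        return all(condition_matches(resource, c) for c in cond["allOf"])
    value = field_value(resource, cond["field"])
    if "equals" in cond:
        # Tag values compare case-insensitively; an absent tag never
        # matches, so an untagged resource also ends up non-compliant.
        return value is not None and value.lower() == cond["equals"].lower()
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(resources, policy):
    """Return per-resource compliance state and the non-compliant percentage."""
    states = {}
    for r in resources:
        # For audit/deny effects, a resource matching 'if' is non-compliant.
        matched = condition_matches(r, policy["if"])
        states[r["name"]] = "NonCompliant" if matched else "Compliant"
    bad = sum(s == "NonCompliant" for s in states.values())
    return states, (round(100 * bad / len(resources)) if resources else 0)

if __name__ == "__main__":
    print(evaluate(RESOURCES, AUDIT_TAG_POLICY))  # (..., 50)
```

Because the effect is audit rather than deny, SpokeVnet1 is only reported, not blocked; swapping the effect changes what happens on create, not which resources match.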