About Me

I am an MCSE in Data Management and Analytics, specializing in MS SQL Server, and an MCP in Azure. With over 19+ years of experience in the IT industry, I bring expertise in data management, Azure Cloud, Data Center Migration, Infrastructure Architecture planning, as well as Virtualization and automation. I have a deep passion for driving innovation through infrastructure automation, particularly using Terraform for efficient provisioning. If you're looking for guidance on automating your infrastructure or have questions about Azure, SQL Server, or cloud migration, feel free to reach out. I often write to capture my own experiences and insights for future reference, but I hope that sharing these experiences through my blog will help others on their journey as well. Thank you for reading!

How to ensure Compliance with Azure Policies


Azure Policy service with a real-world example


Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.

We will create real Azure resources, assign real auditable flags (in the form of Azure tags), and then create a policy to prove the audit state of the objects with Azure Policy reporting.

Create Two Virtual Networks
1.    Create the first virtual network.
·         The name can be anything ("HubvNet1" in this example).
·         The primary address space should be 10.0.0.0/24.
·         The subnet address range should be 10.0.0.0/26.
2.    Create a second virtual network.
·         The name can be anything ("SpokeVnet1" in this example).
·         The primary address space should be 10.10.10.0/24.
·         The subnet address range should be 10.10.10.0/26.
Create a Tag for Each Virtual Network
1.    Add a tag to HubvNet1.
·         Name: Audit
·         Value: Yes
2.    Add a tag to SpokeVnet1.
·         Name: Audit
·         Value: No
Create a Policy
     in the case of the subscriptions and resource groups, the only available option.
1.    Create a policy > Compliance > Assign Policy
2.    Narrow the scope to our resource group.

Go to BASIC and click the rectangle button.


3.    Search "Tag" in the available policy definitions list.
4.    Choose Require tag and its value.


5.    Set the Tag Name to Audit and the Tag Value to Yes.


7.    After 15–30 minutes, narrow the scope of the Compliance blade to the resource group, and it should refresh to show the policy as non-compliant: 50%.
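
To see why the blade lands on 50%, the following added example (not part of the original walkthrough) evaluates a tag rule offline against the two virtual networks. The rule JSON is an assumed shape for the built-in definition chosen in step 4, the resource records are constructed, and the helper names are hypothetical.

```python
import re

# Assumed rule shape of the built-in "require a tag and its value" definition
# picked in step 4; verify against the definition JSON in your tenant.
POLICY_RULE = {
    "if": {"not": {"field": "[concat('tags[', parameters('tagName'), ']')]",
                   "equals": "[parameters('tagValue')]"}},
    "then": {"effect": "deny"},
}
PARAMS = {"tagName": "Audit", "tagValue": "Yes"}  # values from step 5

# Constructed records standing in for the two virtual networks and their tags.
RESOURCES = [
    {"name": "HubvNet1", "tags": {"Audit": "Yes"}},
    {"name": "SpokeVnet1", "tags": {"Audit": "No"}},
]

def resolve(expr, params):
    """Expand the two template forms this rule uses: parameters() and concat()."""
    if not (expr.startswith("[") and expr.endswith("]")):
        return expr
    body = expr[1:-1].strip()
    args = body[len("concat("):-1].split(",") if body.startswith("concat(") else [body]
    parts = []
    for arg in (a.strip() for a in args):
        m = re.fullmatch(r"parameters\('(\w+)'\)", arg)
        parts.append(params[m.group(1)] if m else arg.strip("'"))
    return "".join(parts)

def field_value(resource, field):
    """Look up tags[<name>]; Azure treats tag names case-insensitively."""
    m = re.fullmatch(r"tags\[(.+)\]", field)
    if not m:
        return resource.get(field)
    tags = resource.get("tags") or {}
    return next((v for k, v in tags.items() if k.lower() == m.group(1).lower()), None)

def matches(cond, resource, params):
    """True when the condition holds; 'equals' is case-insensitive on strings."""
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    actual = field_value(resource, resolve(cond["field"], params))
    expected = resolve(cond["equals"], params)
    return actual is not None and actual.lower() == expected.lower()

def compliance(resources, rule=POLICY_RULE, params=PARAMS):
    """Return (non-compliant names, percent compliant) for the scope."""
    bad = [r["name"] for r in resources if matches(rule["if"], r, params)]
    return bad, 100 * (len(resources) - len(bad)) // len(resources)
```

Calling compliance(RESOURCES) flags SpokeVnet1 only, which is the one-of-two split reported in step 7; a resource with no Audit tag at all is flagged the same way.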



