Azure Policies

Description

Az-104 Azure (Apply and monitor infrastructure standards with Azure Policy) Flashcards on Azure Policies, created by Natalia Skowronek on 12/11/2020.
Natalia Skowronek
Flashcards by Natalia Skowronek, updated more than 1 year ago
Natalia Skowronek
Created by Natalia Skowronek about 4 years ago
10
0

Resource summary

Question Answer
What is Azure Policy an Azure service where you can create, update and manage policies.
What is a policy (in general) policies are rules that might be defined against resources in order to stay compliant with your company rules (corporate standards)
Example of a policy (in Case of Azure Policies) e.g. with VMs: you might have a policy that limits their size (in order to limit costs) - after applying this policy new and existing resources are evaluated for compliance. This forces you to create a VM which size is less or equal as the one defined in a policy. The same will be with updating existing one.
When Azure Policy will audit our resources? During creation of new resource, during update and against all existing ones.
What is a result of policy audit? It can audit non-compliant resources, alter the resource properties, or stop the resource from being created.
RBAC vs Azure Policy RBAC focuses on user actions at different scopes. Azure Policy focuses on resource properties during deployment and against existing ones.
How to create a policy (in general) To create a policy you need to prepare a policy definition - a conditions under which it is enforced)
What is a policy definition? Expresses what to evaluate and what action to take. Defined in JSON. e.g.: allow only specific SKU for VM - if not, deny creation of VM
How to apply Azure Policy (PS) - use Microsoft.PolicyInsights extension - Define policy or take existing one - Apply using command New-AzPolicyAssignment
How to register the resource provider (PS) Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'
What do you need to create Policy assignemnt with PS? New-AzPolicyAssignment -Name 'audit-vm-manageddisks' -DisplayName 'Audit VMs without managed disks Assignment' -Scope $resourcegroup.ResourceId -PolicyDefinition $definition So you need: name of policy, scope with subscription or resource group ID and a policy definition
How to check non compliant resources (Azure Portal) In Azure Portal in your tenant and subscription find Policy section -> Compliance and look for your specific policy in a table
How to check non compliant resources (PS) Get-AzPolicyState -ResourceGroupName <ResGrpName> -PolicyAssignmentName <PolicyAssgnName> -Filter 'IsCompliant eq false'
What is A policy assignment A policy definition that has been assigned to take place within a specific scope
Range of Scope for Policy - It can vary from a Subscription down to RG - assignments are inherited by all child resources - you can exclude a subscope example of scope: '/subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>'
What is a policy effect determines what happens when a policy rule is matched; Azure Policu has a single effect and it can be: Deny, Disabled, Append, Audit/AuditIfNotExists. DeployIfNotExists
Policy Effect: Deny - What happens? The resource creation/update fails due to policy.
Policy Effect: Disabled - What happens? The policy rule is ignored
Policy Effect: Append- What happens? Adds additional parameters/fields to the requested resource during creation or update.
Policy Effect: Audit/AuditIfNotExists- What happens? Does not stop the request but creates a warning in the activity log
Policy Effect: DeployIfNotExists- What happens? Executes a template deployment when a specific condition is met. For example, if SQL encryption is enabled on a database, then it can run a template after the DB is created to set it up a specific way
How to remove policy assignment (PS) Remove-AzPolicyAssignment -Name <PolicyAssgnName> -Scope <scope>
Show full summary Hide full summary

Similar

Families and Households - Key Policies and Dates
amylouise98
UK Pressure Groups Examples
Emily Bevis
Microsoft.Certkey.AZ-900.v2020-08-18.by.zala.111q
Rodolfo Ruiz
PaaS Cloud Services
Liam-Beckwith
Public Policy Approaches
stella.kalis
Pro-natalist policy for France (code de la famille)
Vedika Singhania
Outline some of the ways in which government educational policies may have affected social class differences in educational achievement.
Tahlie
SCOTLAND
Maria Murray
Ethics & Policy
katyfisher13
Insurance
PJ. K
Population
FinleySwarb95