Ensuring Compliance with Azure Policies

Hands-On Lab

 

Shawn Johnson

Azure Training Architect II in Content

Length

00:30:00

Difficulty

Intermediate

A complex yet increasingly common task asked of the Azure Security Engineer is to assess and report on compliance status. The reasons vary widely, but the technical requirement is straightforward: is it compliant, or is it not? In this hands-on lab, we will create two common Azure objects, each carrying a tag that represents an auditable value. Then, we will deploy a policy to report on that value before finally generating a report confirming the compliance status.

Solution

Log in to the Azure Portal using the credentials provided on the lab instructions page.

Create Two Virtual Networks

Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

  1. Navigate to Resource groups in the left-hand menu to verify the region our resource group is located in.
  2. Navigate to Virtual networks in the left-hand menu and click Create virtual network.
  3. Set the following values:
    • Name: PolicyVnet1
    • Address space: 10.0.0.0/24
    • Resource group: Select the one listed in the dropdown
    • Location: The location we just noted
    • Address range: 10.0.0.0/26
  4. Click Create.
  5. Click Add.
  6. Create the second virtual network and set the following values:
    • Name: PolicyVnet2
    • Address space: 10.10.10.0/24
    • Resource group: Select the one listed in the dropdown
    • Location: The location we just noted
    • Address range: 10.10.10.0/26
  7. Click Create.

Create a Tag for Each Virtual Network

  1. Click PolicyVnet1.
  2. Click Tags, and use the following settings:
    • Name: Audit
    • Value: Yes
  3. Click Save.
  4. Click PolicyVnet2.
  5. Click Tags, and use the following settings:
    • Name: Audit
    • Value: No

Create a Policy

Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

  1. Navigate to All services > Policy.
  2. Click Compliance.
  3. Click Assign policy.
  4. Next to Scope, click the little blue square.
  5. Click the dropdown for Resource Group and choose our listed resource group.
  6. Click Select.
  7. Next to Policy definition, click the little blue square.
  8. Search "Tag" in the available policy definitions list.
  9. Choose Require tag and its value.
  10. Click Select.
  11. In the Parameters section, use the following settings:
    • Tag Name: Audit
    • Tag Value: Yes
  12. Click Assign.
  13. After 15–30 minutes, click the little blue square next to the Scope.
  14. Set the Resource Group to our listed resource group.
  15. Click Select.
  16. It should refresh to show the policy as non-compliant: 50%.
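
The 50% figure in the last step follows directly from the two tag values set earlier. The sketch below is an added example, not part of the original lab and not Azure's own evaluation code: it models the assigned tag check in Python over a constructed inventory of the two virtual networks. The function names and the exact-match string comparison are assumptions of this model.

```python
"""Model of the lab's tag check: Audit must equal Yes on every resource in scope."""

# Constructed inventory mirroring the two virtual networks created in the lab.
RESOURCES = [
    {"name": "PolicyVnet1", "type": "Microsoft.Network/virtualNetworks",
     "tags": {"Audit": "Yes"}},
    {"name": "PolicyVnet2", "type": "Microsoft.Network/virtualNetworks",
     "tags": {"Audit": "No"}},
]

# Parameters entered when assigning the policy in the lab.
PARAMETERS = {"tagName": "Audit", "tagValue": "Yes"}


def evaluate(resource, params):
    """Return (compliant, reason) for one resource (hypothetical helper)."""
    tags = resource.get("tags") or {}  # untagged resources may carry no tags object
    name, wanted = params["tagName"], params["tagValue"]
    if name not in tags:
        return False, f"tag '{name}' is missing"
    if tags[name] != wanted:  # exact match: a simplification of this model
        return False, f"tag '{name}' is '{tags[name]}', expected '{wanted}'"
    return True, "tag present with required value"


def compliance_report(resources, params):
    """Evaluate every resource and compute the overall compliance percentage."""
    rows = [(r["name"], *evaluate(r, params)) for r in resources]
    compliant = sum(1 for _, ok, _ in rows if ok)
    # No resources in scope means there is nothing to score.
    percent = round(100 * compliant / len(rows)) if rows else None
    return {"rows": rows, "compliant": compliant,
            "total": len(rows), "percent": percent}


if __name__ == "__main__":
    report = compliance_report(RESOURCES, PARAMETERS)
    for name, ok, reason in report["rows"]:
        state = "Compliant" if ok else "Non-compliant"
        print(f"{name:12} {state:14} {reason}")
    print(f"Overall: {report['percent']}% "
          f"({report['compliant']} of {report['total']} resources)")
```

PolicyVnet1 passes and PolicyVnet2 fails, so one of two resources is compliant; a resource with no Audit tag at all would also be reported as non-compliant.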

Conclusion

Congratulations on successfully completing this hands-on lab!