Azure Policy
Learn about the Azure policy-related concepts, and it‘s configuration options.
An Azure Policy is a service in Microsoft Azure that allows organizations to enforce and maintain compliance with corporate standards and regulatory requirements across their Azure environment. Azure policies are a set of rules and guidelines that define allowed or disallowed configurations for resources in Azure subscriptions. These policies can enforce requirements related to security, compliance, governance, and management.
Azure policies are typically defined using JSON-based policy definitions, which specify conditions, effects, and other parameters for governing resource configurations. When applied, Azure policies evaluate resources in the Azure environment and take actions such as enforcing compliance, remediation, or auditing based on the defined rules. Overall, Azure policies help organizations ensure consistency, security, and compliance in their Azure deployments.
Built-in definitions include stipulations such as restricting the kinds of resources that can be deployed and mandating the application of tags to all available resources.
We also have the option of creating our personalized policy definitions.
We will need to assign these policy definitions to put them into effect, regardless of whether they are built-in or bespoke. We can delegate control of these policies by utilizing the Azure portal, PowerShell, or the Azure CLI. From inside Azure Policy, we can disable or enable other policies.
Through Azure Policy, we'll find a variety of policies to choose from. The "Audit” rules that verify particular conditions and setups and then report on compliance are the ones that are utilized most frequently by Defender for Cloud. In addition, rules known as “Enforce” can be utilized to put security settings into effect.
Policies can be viewed from the Azure Policy portal as shown below:
Security initiative
A security initiative is a collection of Azure Policy definitions or rules that have been gathered together to achieve a specific goal or serve a particular function. Security initiatives make the management of our policies much easier by logically concatenating multiple policies into a single item. We can develop initiatives, assign initiatives to various subscriptions, and manage our policies with Azure Policy.
The policies column in the illustration below shows the number of policies included in the security initiative:
Security benchmark
The ...