Configuring Azure policies


In this tutorial, we will learn about configuring Azure policies by creating a policy assignment that identifies non-compliant resources. The first step in understanding compliance in Azure is to identify the status of your resources. Here, that means creating a policy assignment to identify virtual machines that aren’t using managed disks.

Creating a policy assignment

In this section, you will create a policy assignment and assign the Audit VMs that do not use managed disks policy definition.

  • Firstly, launch the Azure Policy service in the Azure portal by clicking All services, then searching for and selecting Policy.
  • Secondly, select Assignments on the left side of the Azure Policy page. An assignment is a policy that has been assigned to take place within a specific scope.
  • Thirdly, select Assign Policy from the top of the Policy – Assignments page.
  • Fourthly, on the Assign Policy page, select the Scope by clicking the ellipsis and selecting either a management group or subscription.
  • Here, resources can be excluded based on the Scope. Exclusions start at one level lower than the level of the Scope.
  • After that, select the Policy definition ellipsis to open the list of available definitions. Azure Policy includes built-in policy definitions. Many are available, such as:
      1. Enforce tag and its value
      2. Apply tag and its value
      3. Inherit a tag from the resource group if missing
  • Then, search through the policy definitions list to find the Audit VMs that do not use managed disks definition. Click on that policy and click Select.
  • After that, the Assignment name is automatically populated with the policy name you selected, but you can change it.
  • Next, leave Create a Managed Identity unchecked.
  • Lastly, click Assign.

Identifying non-compliant resources

Next, select Compliance on the left side of the page. Then locate the Audit VMs that do not use managed disks policy assignment.

If any existing resources aren’t compliant with this new assignment, they appear under Non-compliant resources.

When a condition is evaluated against your existing resources and found to be true, those resources are marked as non-compliant with the policy. The table below shows how different policy effects work with the condition evaluation for the resulting compliance state.

[Table image: policy effects and the resulting compliance state. Image Source: Microsoft]
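The condition evaluation described above, as an added example that is not part of the original tutorial or Microsoft's code: a small Python evaluator for an audit rule written in Azure Policy's if/then shape. The rule, the `osDisk.vhdUri` field and the sample VMs are constructed assumptions, not the built-in definition.

```python
# Simplified rule in Azure Policy's if/then shape (constructed; not the built-in text).
RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        # Hypothetical field: here an unmanaged OS disk is marked by a VHD URI.
        {"field": "osDisk.vhdUri", "exists": "true"},
    ]},
    "then": {"effect": "audit"},
}

# Constructed sample resources.
RESOURCES = [
    {"name": "vm-legacy", "type": "Microsoft.Compute/virtualMachines",
     "osDisk": {"vhdUri": "https://example.invalid/vhds/os.vhd"}},
    {"name": "vm-managed", "type": "Microsoft.Compute/virtualMachines",
     "osDisk": {"managedDiskId": "constructed-id"}},
    {"name": "vm-mixedcase", "type": "microsoft.compute/VIRTUALMACHINES",
     "osDisk": {"vhdUri": "https://example.invalid/vhds/os2.vhd"}},
]

def get_field(resource, path):
    """Resolve a dotted path; return None when any segment is missing."""
    node = resource
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(cond, resource):
    """Recursively evaluate allOf / anyOf / not and single-field conditions."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = get_field(resource, cond["field"])
    if "equals" in cond:  # compared case-insensitively
        return value is not None and str(value).lower() == str(cond["equals"]).lower()
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {cond}")

def compliance_state(rule, resource):
    """Audit effect only: condition true -> NonCompliant, false -> Compliant."""
    if rule["then"]["effect"] != "audit":
        raise ValueError("this sketch models only the audit effect")
    return "NonCompliant" if matches(rule["if"], resource) else "Compliant"

def evaluate_all(rule, resources):
    return {r["name"]: compliance_state(rule, r) for r in resources}
```
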

Cleaning up resources

To remove the assignment you created, follow these steps:

  • Firstly, select Compliance (or Assignments) on the left side of the Azure Policy page and locate the Audit VMs that do not use managed disks policy assignment you created.
  • Then, right-click the Audit VMs that do not use managed disks policy assignment and select Delete assignment.

Reference: Microsoft Documentation
