Skill Level Intermediate
- [Instructor] We are going to explore policies and initiatives in Azure Policy, but before we do so, let's quickly look at the Overview blade of Azure Policy. As you can see, I already have some policies applied, and because I have policies applied, I can quickly see that I have a couple of noncompliant resources. I'm going to drill into the first noncompliant resource, which is disk encryption should be applied on virtual machines. We can easily see that we have a virtual machine in the resource group SMBDemo that does not have encryption applied. In order to bring this virtual machine into compliance, I would need to access that virtual machine and enable disk encryption.

Now let me show you how we apply policies to scopes to ensure that our resources are in compliance. And this is done through Assignments, and we can assign an initiative or a policy. And you may be asking yourself, "Well, what's the difference?" A policy contains one directive, such as virtual machines must have encrypted disks, whereas an initiative contains many policies. As you can see in my list, I have three policies and then I have one initiative that contains 81 policies.

Let's assign a policy. The first thing you'll need to do is specify the scope, and the scope could be a management group and optionally a subscription in a resource group. In this example, I am just going to select my subscription. I can also include exclusions. Now, let's go ahead and select a policy, and there are a lot of policies to choose from. In my case, there's 194. Most of these are Microsoft provided policies, but I do have a couple of custom policies. I would highly recommend that you take some time to review the policies because some of them are really cool. I'm going to take the first one, audit virtual machines without disaster recovery configured. I can add in a description if I wanted to do so, and that's it. I'm going to select Assign, and now that policy will be applied to that subscription, and the policy will audit all of the virtual machines and let us know which virtual machines do not have a backup applied. Now this will take some time, so patience is required here.

While we're waiting for that, let's go ahead and assign an initiative, and you'll notice the process is very similar. I'm going to select a scope and then a subscription. And you'll notice that we only have 32 initiatives. Again, most of these are Microsoft provided. As before, I'm going to take the first option, which is auditing VMs in which the administrator group does not contain specified members, and here I need to provide the parameters. I'm going to add the member that needs to be in this group, otherwise it'll be deemed noncompliant, and then Assign.

Back in the Overview blade, you will notice that the policy and the initiative that we just assigned have not started yet. Like I said, it will take some time for these policies and initiatives to be initially run. By leveraging Azure's policies and initiatives, you can quickly see which resources are not in compliance and then remediate the issue to bring that resource into compliance.
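An added example, not part of the course transcript and not Azure's own code: a simplified Python model of how an assignment's scope and exclusions decide which resources are evaluated, and how an initiative's result is built from several policies. Assumptions: the subscription ID, the `Lab` resource group, the resource properties and the policy names are constructed; a scope is treated as a resource-ID prefix, and management-group scopes are not modelled.

```python
def _segments(resource_id):
    # Azure resource IDs are compared case-insensitively.
    return [s for s in resource_id.lower().split("/") if s]

def is_under(resource_id, scope):
    """True when resource_id equals scope or is a descendant of it."""
    r, s = _segments(resource_id), _segments(scope)
    return r[:len(s)] == s  # whole-segment match, so 'SMB' is not 'SMBDemo'

def in_assignment(resource_id, scope, not_scopes=()):
    """An exclusion removes a subtree from an otherwise matching scope."""
    if not is_under(resource_id, scope):
        return False
    return not any(is_under(resource_id, ex) for ex in not_scopes)

def evaluate(assignment, resources):
    """Return {resource_id: [names of failed policies]} for in-scope resources."""
    report = {}
    for res in resources:
        if in_assignment(res["id"], assignment["scope"],
                         assignment.get("not_scopes", ())):
            report[res["id"]] = [name for name, check
                                 in assignment["policies"].items()
                                 if not check(res)]
    return report

def noncompliant(report):
    """A resource is noncompliant if any policy in the assignment failed."""
    return sorted(rid for rid, failed in report.items() if failed)

# Constructed sample data (not from the transcript, except the SMBDemo name).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM = "/providers/Microsoft.Compute/virtualMachines/"
RESOURCES = [
    {"id": SUB + "/resourceGroups/SMBDemo" + VM + "vm1",
     "disk_encrypted": False, "dr_configured": True},
    {"id": SUB + "/resourceGroups/smbdemo" + VM + "vm2",
     "disk_encrypted": True, "dr_configured": False},
    {"id": SUB + "/resourceGroups/Lab" + VM + "vm3",
     "disk_encrypted": False, "dr_configured": False},
]
ENCRYPTION = {"disk-encryption": lambda r: r["disk_encrypted"]}
# A policy assignment carries one directive; an initiative carries several.
POLICY = {"scope": SUB, "not_scopes": [SUB + "/resourceGroups/Lab"],
          "policies": ENCRYPTION}
INITIATIVE = {"scope": SUB + "/resourceGroups/SMBDemo",
              "policies": {**ENCRYPTION,
                           "disaster-recovery": lambda r: r["dr_configured"]}}

if __name__ == "__main__":
    print(noncompliant(evaluate(POLICY, RESOURCES)))
    print(evaluate(INITIATIVE, RESOURCES))
```

The excluded `Lab` VM never appears in the policy report even though it would fail the check, which is why exclusions deserve the same review as the assignment itself.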