Ensuring Compliance with Azure Policies

In this lab, you will assume the role of an Azure security engineer. A common task asked of the Azure security engineer is to ensure compliance of Azure resources. In this hands-on lab, we will assign two Azure policies. Then, we will deploy a non-compliant resource and observe the results of the policy assigned.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Assign Azure Policies

The first policy must block the deployment of resource groups when a Cost Allocation tag is not provided.
The second policy must inherit the Cost Allocation tag from the parent resource group when the tag is not present on a resource.

Create a Cost Allocation Tag for the Resource Group

Create a Cost Allocation tag and attach it to the resource group.

Observe the Results of Policy Assignment

Create a non-compliant resource by omitting the Cost Allocation tag.
View the tags of the non-compliant resource after creation.

Scenario

To help you walk through the lab, consider the following scenario:

You are an Azure security engineer. A common task asked of the Azure security engineer is to ensure compliance of Azure resources. Using an existing resource group and the deployed resources, you will complete the following using the Azure portal:

Assign Two Azure Policies:

The first policy must block the deployment of resource groups when a cost allocation tag is not provided.

The second policy must inherit the cost allocation tag from the parent resource group when the tag is not present on a resource.

Create a Cost Allocation Tag for the Resource Group

Create a cost allocation tag and attach it to the resource group.

Observe the Results of Policy Assignment:

Create a non-compliant resource.

View the tags of the non-compliant resource after creation.

Lab Setup

Log in to the Azure portal by right-clicking Open Azure Portal and selecting the option to open it in a new private browser window (This option will read differently depending on your browser — for example, in Chrome, it reads Open Link in Incognito Window.). Then, sign in using the credentials provided on the lab page.

The objectives for this hands-on lab can be completed using the Azure portal.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.