A complex yet increasingly common task asked of the Azure Security Engineer is to assess and report on compliance status. The reasons vary widely, but the technical requirement is straightforward: is it compliant, or is it not? In this hands-on lab, we will create two common Azure objects, each carrying a tag that represents an auditable value. Then, we will deploy a policy to report on that value before finally generating a report confirming the compliance status.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create Two Virtual Networks
  Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.
  - Create the first virtual network.
    - The name can be anything ("PolicyVnet1" in this example).
    - The primary address space should be 10.0.0.0/24.
    - The subnet address range should be 10.0.0.0/26.
  - Create a second virtual network.
    - The name can be anything ("PolicyVnet2" in this example).
    - The primary address space should be 10.10.10.0/24.
    - The subnet address range should be 10.10.10.0/26.
- Create a Tag for Each Virtual Network
  - Add a tag to PolicyVnet1.
    - Name: Audit
    - Value: Yes
  - Add a tag to PolicyVnet2.
    - Name: Audit
    - Value: No
- Create a Policy
  Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.
  - Create a policy.
    - Narrow the scope to our resource group.
    - Search "Tag" in the available policy definitions list.
    - Choose Require tag and its value.
    - Set a Tag Name of Audit and a Tag Value of Yes.
  - After 15–30 minutes, narrow the scope of the Compliance blade to the resource group, and it should refresh to show the policy as non-compliant: 50%.
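As an added example (not part of the lab and not Azure's own evaluation code), the Python below models how the assigned tag rule is evaluated against each resource in the scope and rolled up into the percentage the Compliance blade reports. The policy definition mirrors the structure of the built-in "Require a tag and its value on resources" rule (parameters tagName/tagValue, a notEquals condition on tags[tagName], effect deny); treat those exact field strings as an assumption and check them against the real definition in the portal. The two resource records are constructed to stand in for PolicyVnet1 and PolicyVnet2.

```python
"""Offline model of Azure Policy tag-rule evaluation and compliance roll-up.
Illustrative example code; not Azure's engine and not part of the lab.
The rule shape below is an assumption modelled on the built-in
"Require a tag and its value on resources" definition."""

import re
from typing import Any

POLICY_DEFINITION: dict[str, Any] = {
    "parameters": {
        "tagName": {"type": "String"},
        "tagValue": {"type": "String"},
    },
    "policyRule": {
        "if": {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "notEquals": "[parameters('tagValue')]",
        },
        "then": {"effect": "deny"},
    },
}

# Parameter values exactly as assigned in the lab.
ASSIGNMENT_PARAMETERS = {"tagName": "Audit", "tagValue": "Yes"}

# Constructed sample resources standing in for the two VNets built in the lab.
SAMPLE_RESOURCES = [
    {"name": "PolicyVnet1", "type": "Microsoft.Network/virtualNetworks",
     "tags": {"Audit": "Yes"}},
    {"name": "PolicyVnet2", "type": "Microsoft.Network/virtualNetworks",
     "tags": {"Audit": "No"}},
]

_PARAM_RE = re.compile(r"parameters\('([^']+)'\)")
_TAG_FIELD_RE = re.compile(r"tags\[(.+)\]")


def resolve_expression(expr: str, params: dict[str, str]) -> str:
    """Resolve the two template-expression forms tag policies use:
    [parameters('x')] and [concat('lit', parameters('x'), 'lit')].
    Anything not wrapped in [...] is returned as a plain literal."""
    if not (expr.startswith("[") and expr.endswith("]")):
        return expr
    body = _PARAM_RE.sub(lambda m: f"'{params[m.group(1)]}'", expr[1:-1])
    if body.startswith("concat(") and body.endswith(")"):
        return "".join(re.findall(r"'([^']*)'", body[len("concat("):-1]))
    literal = re.fullmatch(r"'([^']*)'", body)
    if literal:
        return literal.group(1)
    raise ValueError(f"unsupported expression: {expr}")


def get_field(resource: dict[str, Any], field: str):
    """Look up a field alias; tags[<name>] reads the resource's tag map and
    returns None when the tag is absent."""
    m = _TAG_FIELD_RE.fullmatch(field)
    if m:
        return resource.get("tags", {}).get(m.group(1))
    return resource.get(field)


def condition_matches(resource: dict[str, Any], condition: dict[str, Any],
                      params: dict[str, str]) -> bool:
    """Evaluate one `if` condition. Azure compares equals/notEquals
    case-insensitively, and a missing tag satisfies notEquals, so an untagged
    resource is caught as well as a wrongly tagged one."""
    actual = get_field(resource, resolve_expression(condition["field"], params))
    if "equals" in condition:
        expected = resolve_expression(condition["equals"], params)
        return actual is not None and actual.lower() == expected.lower()
    if "notEquals" in condition:
        expected = resolve_expression(condition["notEquals"], params)
        return actual is None or actual.lower() != expected.lower()
    raise ValueError(f"unsupported condition: {condition}")


def evaluate_resource(resource: dict[str, Any], definition: dict[str, Any],
                      params: dict[str, str]) -> str:
    """A resource is NonCompliant when the rule's `if` matches and the effect
    is audit or deny (deny blocks new deployments, but pre-existing resources
    are only reported on, which is what the lab observes)."""
    rule = definition["policyRule"]
    effect = rule["then"]["effect"].lower()
    if effect not in ("audit", "deny"):
        raise ValueError(f"effect not modelled: {effect}")
    return "NonCompliant" if condition_matches(resource, rule["if"], params) else "Compliant"


def compliance_report(resources: list[dict[str, Any]], definition: dict[str, Any],
                      params: dict[str, str]) -> dict[str, Any]:
    """Per-resource states plus the rolled-up compliance percentage."""
    states = {r["name"]: evaluate_resource(r, definition, params) for r in resources}
    compliant = sum(1 for s in states.values() if s == "Compliant")
    percent = round(100 * compliant / len(states)) if states else 100
    return {"states": states, "compliant_percent": percent}


if __name__ == "__main__":
    report = compliance_report(SAMPLE_RESOURCES, POLICY_DEFINITION, ASSIGNMENT_PARAMETERS)
    for name, state in report["states"].items():
        print(f"{name}: {state}")
    print(f"Compliance: {report['compliant_percent']}%")
```

With PolicyVnet1 tagged Audit=Yes and PolicyVnet2 tagged Audit=No, one of two resources passes, which is the 50% figure the Compliance blade shows. In Azure the evaluation is asynchronous (hence the 15–30 minute wait); if you do not want to wait, `az policy state trigger-scan --resource-group <your-rg>` requests an on-demand evaluation of the scope.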