Ensuring Compliance with Azure Policies

2 hours
  • 3 Learning Objectives

About this Hands-on Lab

A complex yet increasingly more common task asked of the Azure Security Engineer is to perform and report on compliancy status. The reasons are widely varied, but the technical requirement is straightforward: Is it compliant, or is it not? In this hands-on lab, we will create two common Azure objects, with a notation representing an auditable value. Then, we will deploy a policy to report on that value before finally generating a report confirming the compliancy status.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create Two Virtual Networks

Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

  1. Create the first virtual network.
    • The name can be anything ("PolicyVnet1" in this example).
    • The primary address space should 10.0.0.0/24.
    • The subnet address range should be 10.0.0.0/26.
  2. Create a second virtual network.
    • The name can be anything ("PolicyVnet2" in this example).
    • The primary address space should 10.10.10.0/24.
    • The subnet address range should be 10.10.10.0/26.
Create a Tag for Each Virtual Network
  1. Add a tag to PolicyVnet1.
    • Name: Audit
    • Value: Yes
  2. Add a tag to PolicyVnet2.
    • Name: Audit
    • Value: No
Create a Policy

Note: Unless otherwise stated, select the default options or, in the case of the subscriptions and resource groups, the only available option.

  1. Create a policy.
  2. Narrow the scope to our resource group.
  3. Search "Tag" in the available policy definitions list.
  4. Choose Require tag and its value.
  5. Set a Tag Name of Audit and a Tag Value of Yes.
  6. After 15–30 minutes, narrow the scope of the Compliance blade to the resource group, and it should refresh to show the policy as non-compliant: 50%.

Additional Resources

In this lab, we take on the role of Mythic Corp cloud engineers tasked with providing a method of enforcing and reporting on compliancy status. We will create real Azure objects, assign real auditable flags (in the form of Azure tags), and then create a policy to prove the audit state of the objects with Azure policy reporting.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!
Thanks for reaching out!

You’ll hear from us shortly. In the meantime, why not check out what our customers have to say about ACG?