Assigning an initiative – Ensuring Platform Governance

by Paulette Dukrs Posted on

Follow these steps to assign an initiative:

  1. Still on the Definitions view, click on the policy you just created.
  2. Click Assign.
  3. Set Scope to your subscription.
  4. Don’t add any exclusions.
  5. Set Policy enforcement to Enabled – we will come back and change this later. Click Next.
  6. Next, we set a value in the TagName parameter. Set this to CostCenter. Click Next.
  7. Click Next to ignore remediation, then click Create.

These policies will now take effect, but only when creating new resources and resource groups. Any existing resources will not be affected; however, we can still use the compliance view to see any items that are not compliant with this initiative.

Viewing the compliance dashboard

Earlier, we stated that policies could either report on non-compliant resources, deny their creation, or change the resource. The policies we have applied as part of the initiative will prevent a resource group from being created and automatically apply the cost center tag to new resources.

However, these only affect new resource groups and resources; what about the existing resources that do not fit the policies we have set?

The compliance dashboard in the Azure Policy blade will display all resources that do not match the set’s policies. This includes any new and existing resources. This is why not all policies necessarily restrict what we can and cannot do; sometimes, it may be acceptable to report and manually remediate compliant resources.

To view the compliance reports, perform the following steps:

  1. Navigate to the Azure portal: https://portal.azure.com.
  2. In the top search bar, type Policy and select Policy under Services.
  3. On the left-hand menu, select Compliance.

The compliance dashboard shows all the initiatives applied along with the compliance state across your organization. The following screenshot shows an example compliance view of the TaggingEnforcement initiative we created earlier:

Figure 5.9 – Example compliance dashboard

Click on the TaggingEnforcement initiative to view more details. This will display more granular details of the compliance of individual policies within that initiative. Clicking on a policy will display a list of all the resources that are not compliant. See the following screenshot for an example:

Figure 5.10 – Policy non-compliance details

Clicking the Details link against each resource will display further details about why it is non-compliant. You can use this information to fix the problem manually, or we can create an auto-remediation task to fix it for us.

Leave a Reply

Your email address will not be published. Required fields are marked *

Proudly powered by Williamshand | Theme: Designed by William.