|
| 1 | +--- |
| 2 | +title: Azure Web PubSub service Compliance using Azure Policy |
| 3 | +description: Assign built-in policies in Azure Policy to audit compliance of your Azure Web PubSub Service resources. |
| 4 | +author: JialinXin |
| 5 | + |
| 6 | +ms.service: azure-web-pubsub |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 10/25/2021 |
| 9 | +ms.author: jixin |
| 10 | +--- |
| 11 | + |
| 12 | +# Audit compliance of Azure Web PubSub Service resources using Azure Policy |
| 13 | + |
| 14 | +[Azure Policy](../governance/policy/overview.md) is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. |
| 15 | + |
| 16 | +This article introduces built-in policies (preview) for Azure Web PubSub Service. Use these policies to audit new and existing Web PubSub resources for compliance. |
| 17 | + |
| 18 | +There are no charges for using Azure Policy. |
| 19 | + |
| 20 | +## Built-in policy definitions |
| 21 | + |
| 22 | +The following built-in policy definitions are specific to Azure Web PubSub Service: |
| 23 | + |
| 24 | +[!INCLUDE [azure-policy-reference-policies-web-pubsub](../../includes/policy/reference/bycat/policies-web-pubsub.md)] |
| 25 | + |
| 26 | +## Assign policy definitions |
| 27 | + |
| 28 | +* Assign policy definitions using the [Azure portal](../governance/policy/assign-policy-portal.md), [Azure CLI](../governance/policy/assign-policy-azurecli.md), a [Resource Manager template](../governance/policy/assign-policy-template.md), or the Azure Policy SDKs. |
| 29 | +* Scope a policy assignment to a resource group, a subscription, or an [Azure management group](../governance/management-groups/overview.md). Web PubSub policy assignments apply to existing and new Web PubSub resources within the scope. |
| 30 | +* Enable or disable [policy enforcement](../governance/policy/concepts/assignment-structure.md#enforcement-mode) at any time. |
| 31 | + |
| 32 | +> [!NOTE] |
| 33 | +> After you assign or update a policy, it takes some time for the assignment to be applied to resources in the defined scope. See information about [policy evaluation triggers](../governance/policy/how-to/get-compliance-data.md#evaluation-triggers). |
| 34 | +
|
| 35 | +## Review policy compliance |
| 36 | + |
| 37 | +Access compliance information generated by your policy assignments using the Azure portal, Azure command-line tools, or the Azure Policy SDKs. For details, see [Get compliance data of Azure resources](../governance/policy/how-to/get-compliance-data.md). |
| 38 | + |
| 39 | +When a resource is non-compliant, there are many possible reasons. To determine the reason or to find the change responsible, see [Determine non-compliance](../governance/policy/how-to/determine-non-compliance.md). |
| 40 | + |
| 41 | +### Policy compliance in the portal: |
| 42 | + |
| 43 | +1. Select **All services**, and search for **Policy**. |
| 44 | +1. Select **Compliance**. |
| 45 | +1. Use the filters to limit compliance states or to search for policies |
| 46 | + |
| 47 | + [  ](./media/howto-monitor-azure-policy/azure-policy-compliance.png#lightbox) |
| 48 | +2. Select a policy to review aggregate compliance details and events. If desired, then select a specific Web PubSub for resource compliance. |
| 49 | + |
| 50 | +### Policy compliance in the Azure CLI |
| 51 | + |
| 52 | +You can also use the Azure CLI to get compliance data. For example, use the [az policy assignment list](/cli/azure/policy/assignment#az_policy_assignment_list) command in the CLI to get the policy IDs of the Azure Web PubSub Service policies that are applied: |
| 53 | + |
| 54 | +```azurecli |
| 55 | +az policy assignment list --query "[?contains(displayName,'Web PubSub')].{name:displayName, ID:id}" --output table |
| 56 | +``` |
| 57 | + |
| 58 | +Sample output: |
| 59 | + |
| 60 | +``` |
| 61 | +Name ID |
| 62 | +------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- |
| 63 | +[Preview]: Azure Web PubSub Service should use private links /subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.Authorization/policyAssignments/<assignmentId> |
| 64 | +``` |
| 65 | + |
| 66 | +Then run [az policy state list](/cli/azure/policy/state#az_policy_state_list) to return the JSON-formatted compliance state for all resources under a specific resource group: |
| 67 | + |
| 68 | +```azurecli |
| 69 | +az policy state list --g <resourceGroup> |
| 70 | +``` |
| 71 | + |
| 72 | +Or run [az policy state list](/cli/azure/policy/state#az_policy_state_list) to return the JSON-formatted compliance state of a specific Web PubSub resource: |
| 73 | + |
| 74 | +```azurecli |
| 75 | +az policy state list \ |
| 76 | + --resource /subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.SignalRService/WebPubSub/<resourceName> \ |
| 77 | + --namespace Microsoft.SignalRService \ |
| 78 | + --resource-group <resourceGroup> |
| 79 | +``` |
| 80 | + |
| 81 | +## Next steps |
| 82 | + |
| 83 | +* Learn more about Azure Policy [definitions](../governance/policy/concepts/definition-structure.md) and [effects](../governance/policy/concepts/effects.md) |
| 84 | + |
| 85 | +* Create a [custom policy definition](../governance/policy/tutorials/create-custom-policy-definition.md) |
| 86 | + |
| 87 | +* Learn more about [governance capabilities](../governance/index.yml) in Azure |
| 88 | + |
| 89 | + |
| 90 | +<!-- LINKS - External --> |
| 91 | +[terms-of-use]: https://azure.microsoft.com/support/legal/preview-supplemental-terms/ |
0 commit comments