
Commit 41fb074

Replace SQL Server 12 policy in content
1 parent e673575 commit 41fb074

3 files changed

+37
-35
lines changed

articles/governance/policy/assign-policy-portal.md

Lines changed: 8 additions & 8 deletions
@@ -1,7 +1,7 @@
11
---
22
title: "Quickstart: New policy assignment with portal"
33
description: In this quickstart, you use Azure portal to create an Azure Policy assignment to identify non-compliant resources.
4-
ms.date: 11/25/2019
4+
ms.date: 03/24/2020
55
ms.topic: quickstart
66
---
77
# Quickstart: Create a policy assignment to identify non-compliant resources
@@ -26,16 +26,16 @@ disks_ policy definition.
2626
1. Launch the Azure Policy service in the Azure portal by clicking **All services**, then searching
2727
for and selecting **Policy**.
2828

29-
![Search for Policy in All Services](./media/assign-policy-portal/search-policy.png)
29+
:::image type="content" source="./media/assign-policy-portal/search-policy.png" alt-text="Search for Policy in All Services" border="false":::
3030

3131
1. Select **Assignments** on the left side of the Azure Policy page. An assignment is a policy that
3232
has been assigned to take place within a specific scope.
3333

34-
![Select Assignments page from Policy Overview page](./media/assign-policy-portal/select-assignments.png)
34+
:::image type="content" source="./media/assign-policy-portal/select-assignments.png" alt-text="Select Assignments page from Policy Overview page" border="false":::
3535

3636
1. Select **Assign Policy** from the top of the **Policy - Assignments** page.
3737

38-
![Assign a policy definition from Assignments page](./media/assign-policy-portal/select-assign-policy.png)
38+
:::image type="content" source="./media/assign-policy-portal/select-assign-policy.png" alt-text="Assign a policy definition from Assignments page" border="false":::
3939

4040
1. On the **Assign Policy** page, select the **Scope** by clicking the ellipsis and selecting either
4141
a management group or subscription. Optionally, select a resource group. A scope determines what
@@ -52,14 +52,14 @@ disks_ policy definition.
5252

5353
- Enforce tag and its value
5454
- Apply tag and its value
55-
- Require SQL Server version 12.0
55+
- Inherit a tag from the resource group if missing
5656

5757
For a partial list of available built-in policies, see [Azure Policy samples](./samples/index.md).
5858

5959
1. Search through the policy definitions list to find the _Audit VMs that do not use managed disks_
6060
definition. Click on that policy and click **Select**.
6161

62-
![Find the correct policy definition](./media/assign-policy-portal/select-available-definition.png)
62+
:::image type="content" source="./media/assign-policy-portal/select-available-definition.png" alt-text="Find the correct policy definition" border="false":::
6363

6464
1. The **Assignment name** is automatically populated with the policy name you selected, but you can
6565
change it. For this example, leave _Audit VMs that do not use managed disks_. You can also add an
@@ -84,7 +84,7 @@ environment.
8484
Select **Compliance** in the left side of the page. Then locate the **Audit VMs that do not use
8585
managed disks** policy assignment you created.
8686

87-
![Compliance details on the Policy Compliance page](./media/assign-policy-portal/policy-compliance.png)
87+
:::image type="content" source="./media/assign-policy-portal/policy-compliance.png" alt-text="Compliance details on the Policy Compliance page" border="false":::
8888

8989
If there are any existing resources that aren't compliant with this new assignment, they appear
9090
under **Non-compliant resources**.
@@ -116,7 +116,7 @@ To remove the assignment created, follow these steps:
116116
1. Right-click the **Audit VMs that do not use managed disks** policy assignment and select **Delete
117117
assignment**.
118118

119-
![Delete an assignment from the Compliance page](./media/assign-policy-portal/delete-assignment.png)
119+
:::image type="content" source="./media/assign-policy-portal/delete-assignment.png" alt-text="Delete an assignment from the Compliance page" border="false":::
120120

121121
## Next steps
122122


articles/governance/policy/tutorials/create-and-manage.md

Lines changed: 29 additions & 27 deletions
@@ -1,7 +1,7 @@
11
---
22
title: "Tutorial: Build policies to enforce compliance"
33
description: In this tutorial, you use policies to enforce standards, control costs, maintain security, and impose enterprise wide design principles.
4-
ms.date: 12/20/2019
4+
ms.date: 03/24/2020
55
ms.topic: tutorial
66
---
77
# Tutorial: Create and manage policies to enforce compliance
@@ -29,21 +29,22 @@ before you begin.
2929

3030
The first step in enforcing compliance with Azure Policy is to assign a policy definition. A policy
3131
definition defines under what condition a policy is enforced and what effect to take. In this
32-
example, assign a built-in policy definition, called *Require SQL Server version 12.0*, to enforce
33-
the condition that all SQL Server databases must be v12.0 to be compliant.
32+
example, assign the built-in policy definition called _Inherit a tag from the resource group if
33+
missing_ to add the specified tag with its value from the parent resource group to new or updated
34+
resources missing the tag.
3435

3536
1. Go to the Azure portal to assign policies. Search for and select **Policy**.
3637

37-
![Search for Policy in the search bar](../media/create-and-manage/search-policy.png)
38+
:::image type="content" source="../media/create-and-manage/search-policy.png" alt-text="Search for Policy in the search bar" border="false":::
3839

3940
1. Select **Assignments** on the left side of the Azure Policy page. An assignment is a policy that
4041
has been assigned to take place within a specific scope.
4142

42-
![Select Assignments from Policy Overview page](../media/create-and-manage/select-assignments.png)
43+
:::image type="content" source="../media/create-and-manage/select-assignments.png" alt-text="Select Assignments from Policy Overview page" border="false":::
4344

4445
1. Select **Assign Policy** from the top of the **Policy - Assignments** page.
4546

46-
![Assign a policy definition from Assignments page](../media/create-and-manage/select-assign-policy.png)
47+
:::image type="content" source="../media/create-and-manage/select-assign-policy.png" alt-text="Assign a policy definition from Assignments page" border="false":::
4748

4849
1. On the **Assign Policy** page and **Basics** tab, select the **Scope** by selecting the ellipsis
4950
and selecting either a management group or subscription. Optionally, select a resource group. A
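Review bot: The new intro sentence (new lines 32-34) says the tag is added "with its value from the parent resource group" but never tells the reader that the resource group must already carry that tag, and the later parameter step now asks only for **Tag Name**. Suggest adding one sentence here stating that the scope chosen in the following steps should contain a resource group tagged with the name entered under **Tag Name**, so the reader knows where the value comes from. The sentence also limits the behaviour to "new or updated resources"; a short pointer to the **Remediation** tab step for resources that already exist would close that gap.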
@@ -56,18 +57,19 @@ the condition that all SQL Server databases must be v12.0 to be compliant.
5657
the level of the **Scope**. **Exclusions** are optional, so leave it blank for now.
5758

5859
1. Select the **Policy definition** ellipsis to open the list of available definitions. You can
59-
filter the policy definition **Type** to *Built-in* to view all and read their descriptions.
60+
filter the policy definition **Type** to _Built-in_ to view all and read their descriptions.
6061

61-
1. Select **Add or replace a tag on resources**. If you can't find it right away, type **add or
62-
replace** into the search box and then press ENTER or select out of the search box. Select
63-
**Select** at the bottom of the **Available Definitions** page once you have found and selected
64-
the policy definition.
62+
1. Select **Inherit a tag from the resource group if missing**. If you can't find it right away,
63+
type **inherit a tag** into the search box and then press ENTER or select out of the search box.
64+
Select **Select** at the bottom of the **Available Definitions** page once you have found and
65+
selected the policy definition.
6566

66-
![Use search filter to locate a policy](../media/create-and-manage/select-available-definition.png)
67+
:::image type="content" source="../media/create-and-manage/select-available-definition.png" alt-text="Use search filter to locate a policy":::
6768

6869
1. The **Assignment name** is automatically populated with the policy name you selected, but you can
69-
change it. For this example, leave *Add or replace a tag on resources*. You can also add an optional
70-
**Description**. The description provides details about this policy assignment.
70+
change it. For this example, leave _Inherit a tag from the resource group if missing_. You can
71+
also add an optional **Description**. The description provides details about this policy
72+
assignment.
7173

7274
1. Leave **Policy enforcement** as _Enabled_. When _Disabled_, this setting allows testing the
7375
outcome of the policy without triggering the effect. For more information, see
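Review bot: The converted image line for select-available-definition.png (new line 67) is the only `:::image` element in this commit without `border="false"`; every other converted screenshot sets it, including the image of the same name in assign-policy-portal.md. If the border is wanted for this screenshot, leave it, otherwise add `border="false"` so the rendering matches the rest of the tutorial.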
@@ -78,7 +80,7 @@ the condition that all SQL Server databases must be v12.0 to be compliant.
7880

7981
1. Select the **Parameters** tab at the top of the wizard.
8082

81-
1. For **Tag Name**, enter _Environment_ and for **Tag Value** enter _Dev_.
83+
1. For **Tag Name**, enter _Environment_.
8284

8385
1. Select the **Remediation** tab at the top of the wizard.
8486

@@ -106,7 +108,7 @@ series, the request is denied.
106108

107109
1. Select **Definitions** under **Authoring** in the left side of the Azure Policy page.
108110

109-
![Definition page under Authoring group](../media/create-and-manage/definition-under-authoring.png)
111+
:::image type="content" source="../media/create-and-manage/definition-under-authoring.png" alt-text="Definition page under Authoring group" border="false":::
110112

111113
1. Select **+ Policy definition** at the top of the page. This button opens to the **Policy
112114
definition** page.
@@ -386,12 +388,12 @@ overview](../overview.md).
386388

387389
1. Select **Definitions** under **Authoring** in the left side of the Azure Policy page.
388390

389-
![Select definition from the Definitions page](../media/create-and-manage/definition-under-authoring.png)
391+
:::image type="content" source="../media/create-and-manage/definition-under-authoring.png" alt-text="Select definition from the Definitions page" border="false":::
390392

391393
1. Select **+ Initiative Definition** at the top of the page to open the **Initiative definition**
392394
page.
393395

394-
![Review initiative definition page](../media/create-and-manage/initiative-definition.png)
396+
:::image type="content" source="../media/create-and-manage/initiative-definition.png" alt-text="Review initiative definition page" border="false":::
395397

396398
1. Use the **Definition location** ellipsis to select a management group or subscription to store
397399
the definition. If the previous page was scoped to a single management group or subscription,
@@ -420,7 +422,7 @@ overview](../overview.md).
420422

421423
After selecting the policy definition from the list, each is added below **Category**.
422424

423-
![Review initiative definition parameters](../media/create-and-manage/initiative-definition-2.png)
425+
:::image type="content" source="../media/create-and-manage/initiative-definition-2.png" alt-text="Review initiative definition parameters" border="false":::
424426

425427
1. If a policy definition being added to the initiative has parameters, they're shown under the
426428
policy name in the area under **Category** area. The _value_ can be set to either 'Set value'
@@ -431,7 +433,7 @@ overview](../overview.md).
431433
during initiative assignment. The allowed values on this initiative parameter can further
432434
restrict what may be set during initiative assignment.
433435

434-
![Change initiative definition parameters from allowed values](../media/create-and-manage/initiative-definition-3.png)
436+
:::image type="content" source="../media/create-and-manage/initiative-definition-3.png" alt-text="Change initiative definition parameters from allowed values" border="false":::
435437

436438
> [!NOTE]
437439
> In the case of some `strongType` parameters, the list of values cannot be automatically
@@ -498,12 +500,12 @@ New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"
498500
1. Locate the **Get Secure** initiative definition you previously created and select it. Select
499501
**Assign** at the top of the page to open to the **Get Secure: Assign initiative** page.
500502

501-
![Assign a definition from Initiative definition page](../media/create-and-manage/assign-definition.png)
503+
:::image type="content" source="../media/create-and-manage/assign-definition.png" alt-text="Assign a definition from Initiative definition page" border="false":::
502504

503505
You can also right-click on the selected row or select the ellipsis at the end of the row for a
504506
contextual menu. Then select **Assign**.
505507

506-
![Alternative options for an initiative](../media/create-and-manage/select-right-click.png)
508+
:::image type="content" source="../media/create-and-manage/select-right-click.png" alt-text="Alternative options for an initiative" border="false":::
507509

508510
1. Fill out the **Get Secure: Assign Initiative** page by entering the following example
509511
information. You can use your own information.
@@ -544,12 +546,12 @@ New-AzPolicySetDefinition -Name 'VMPolicySetDefinition' -Metadata '{"category":"
544546
1. Locate the **Get Secure** initiative. It's likely still in _Compliance state_ of **Not started**.
545547
Select the initiative to get full details on the progress of the assignment.
546548

547-
![Initiative compliance page - evaluations not started](../media/create-and-manage/compliance-status-not-started.png)
549+
:::image type="content" source="../media/create-and-manage/compliance-status-not-started.png" alt-text="Initiative compliance page - evaluations not started" border="false":::
548550

549551
1. Once the initiative assignment has been completed, the compliance page is updated with the
550552
_Compliance state_ of **Compliant**.
551553

552-
![Initiative compliance page- resources compliant](../media/create-and-manage/compliance-status-compliant.png)
554+
:::image type="content" source="../media/create-and-manage/compliance-status-compliant.png" alt-text="Initiative compliance page- resources compliant" border="false":::
553555

554556
1. Selecting any policy on the initiative compliance page opens the compliance details page for that
555557
policy. This page provides details at the resource level for compliance.
@@ -571,14 +573,14 @@ select **Failed. Click here for details ->** on the Deployment Overview page. A
571573
right side of the page with the error information. Under **Error Details** are the GUIDs of the
572574
related policy objects.
573575

574-
![Deployment denied by policy assignment](../media/create-and-manage/rg-deployment-denied.png)
576+
:::image type="content" source="../media/create-and-manage/rg-deployment-denied.png" alt-text="Deployment denied by policy assignment" border="false":::
575577

576578
On the Azure Policy page: Select **Compliance** in the left side of the page and select the **Get
577579
Secure** policy initiative. On this page, there is an increase in the **Deny** count for blocked
578580
resources. Under the **Events** tab are details about who tried to create or deploy the resource
579581
that was denied by the policy definition.
580582

581-
![Compliance overview of an assigned policy](../media/create-and-manage/compliance-overview.png)
583+
:::image type="content" source="../media/create-and-manage/compliance-overview.png" alt-text="Compliance overview of an assigned policy" border="false":::
582584

583585
In this example, Trent Baker, one of Contoso's Sr. Virtualization specialists, was doing required
584586
work. We need to grant Trent a space for an exception. Created a new resource group,
@@ -593,7 +595,7 @@ work. We need to grant Trent a space for an exception. Created a new resource gr
593595
1. Set the **Exclusion** by selecting the ellipsis and selecting the resource group to exclude,
594596
_LocationsExcluded_ in this example. Select **Add to Selected Scope** and then select **Save**.
595597

596-
![Add an excluded resource group to the policy assignment](../media/create-and-manage/request-exclusion.png)
598+
:::image type="content" source="../media/create-and-manage/request-exclusion.png" alt-text="Add an excluded resource group to the policy assignment" border="false":::
597599

598600
> [!NOTE]
599601
> Depending on the policy definition and its effect, the exclusion could also be granted to
