Merge pull request #97037 from DCtheGeek/dmc-gov-mvccomp6

Update Policy for MVC compliance

Author: v-albemi

articles/governance/policy/assign-policy-azurecli.md

@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: New policy assignment with Azure CLI"
 description: In this quickstart, you use Azure CLI to create an Azure Policy assignment to identify non-compliant resources.
-ms.date: 01/23/2019
+ms.date: 11/25/2019
 ms.topic: quickstart
 ---
 # Quickstart: Create a policy assignment to identify non-compliant resources with Azure CLI
@@ -11,35 +11,37 @@ This quickstart steps you through the process of creating a policy assignment to
 machines that aren't using managed disks.
 
 At the end of this process, you'll successfully identify virtual machines that aren't using managed
-disks. They're *non-compliant* with the policy assignment.
+disks. They're _non-compliant_ with the policy assignment.
 
 Azure CLI is used to create and manage Azure resources from the command line or in scripts. This
 guide uses Azure CLI to create a policy assignment and to identify non-compliant resources in your
 Azure environment.
 
-If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/) account
-before you begin.
+## Prerequisites
 
-[!INCLUDE [cloud-shell-try-it.md](../../../includes/cloud-shell-try-it.md)]
+- If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/)
+  account before you begin.
 
-This quickstart requires that you run Azure CLI version 2.0.4 or later to install and use the CLI
-locally. To find the version, run `az --version`. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
+- This quickstart requires that you run Azure CLI version 2.0.76 or later to install and use the CLI
+  locally. To find the version, run `az --version`. If you need to install or upgrade, see
+  [Install Azure CLI](/cli/azure/install-azure-cli).
 
-## Prerequisites
+- Register the Azure Policy Insights resource provider using Azure CLI. Registering the resource
+  provider makes sure that your subscription works with it. To register a resource provider, you
+  must have permission to the register resource provider operation. This operation is included in
+  the Contributor and Owner roles. Run the following command to register the resource provider:
 
-Register the Azure Policy Insights resource provider using Azure CLI. Registering the resource
-provider makes sure that your subscription works with it. To register a resource provider, you must
-have permission to the register resource provider operation. This operation is included in the
-Contributor and Owner roles. Run the following command to register the resource provider:
+  ```azurecli-interactive
+  az provider register --namespace 'Microsoft.PolicyInsights'
+  ```
 
-```azurecli-interactive
-az provider register --namespace 'Microsoft.PolicyInsights'
-```
+  For more information about registering and viewing resource providers, see
+  [Resource Providers and Types](../../azure-resource-manager/resource-manager-supported-services.md)
 
-For more information about registering and viewing resource providers, see [Resource Providers and Types](../../azure-resource-manager/resource-manager-supported-services.md)
+- If you haven't already, install the [ARMClient](https://github.com/projectkudu/ARMClient). It's a
+  tool that sends HTTP requests to Azure Resource Manager-based APIs.
 
-If you haven't already, install the [ARMClient](https://github.com/projectkudu/ARMClient). It's a
-tool that sends HTTP requests to Azure Resource Manager-based APIs.
+[!INCLUDE [cloud-shell-try-it.md](../../../includes/cloud-shell-try-it.md)]
 
 ## Create a policy assignment
 
@@ -55,11 +57,11 @@ az policy assignment create --name 'audit-vm-manageddisks' --display-name 'Audit
 
 The preceding command uses the following information:
 
-- **Name** - The actual name of the assignment. For this example, *audit-vm-manageddisks* was used.
-- **DisplayName** - Display name for the policy assignment. In this case, you're using *Audit VMs
-  without managed disks Assignment*.
+- **Name** - The actual name of the assignment. For this example, _audit-vm-manageddisks_ was used.
+- **DisplayName** - Display name for the policy assignment. In this case, you're using _Audit VMs
+  without managed disks Assignment_.
 - **Policy** – The policy definition ID, based on which you're using to create the assignment. In
-  this case, it's the ID of policy definition *Audit VMs that do not use managed disks*. To get the
+  this case, it's the ID of policy definition _Audit VMs that do not use managed disks_. To get the
   policy definition ID, run this command: `az policy definition list --query "[?displayName=='Audit VMs that do not use managed disks']"`
 - **Scope** - A scope determines what resources or grouping of resources the policy assignment gets
   enforced on. It could range from a subscription to resource groups. Be sure to replace
@@ -75,7 +77,8 @@ $policyAssignment = Get-AzPolicyAssignment | Where-Object { $_.Properties.Displa
 $policyAssignment.PolicyAssignmentId
 ```
 
-For more information about policy assignment IDs, see [Get-AzPolicyAssignment](/powershell/module/az.resources/get-azpolicyassignment).
+For more information about policy assignment IDs, see
+[Get-AzPolicyAssignment](/powershell/module/az.resources/get-azpolicyassignment).
 
 Next, run the following command to get the resource IDs of the non-compliant resources that are
 output into a JSON file:

articles/governance/policy/assign-policy-portal.md

@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: New policy assignment with portal"
 description: In this quickstart, you use Azure portal to create an Azure Policy assignment to identify non-compliant resources.
-ms.date: 12/06/2018
+ms.date: 11/25/2019
 ms.topic: quickstart
 ---
 # Quickstart: Create a policy assignment to identify non-compliant resources
@@ -11,15 +11,17 @@ This quickstart steps you through the process of creating a policy assignment to
 machines that aren't using managed disks.
 
 At the end of this process, you'll successfully identify virtual machines that aren't using managed
-disks. They're *non-compliant* with the policy assignment.
+disks. They're _non-compliant_ with the policy assignment.
+
+## Prerequisites
 
 If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/) account
 before you begin.
 
 ## Create a policy assignment
 
-In this quickstart, you create a policy assignment and assign the *Audit VMs that do not use managed
-disks* policy definition.
+In this quickstart, you create a policy assignment and assign the _Audit VMs that do not use managed
+disks_ policy definition.
 
 1. Launch the Azure Policy service in the Azure portal by clicking **All services**, then searching
    for and selecting **Policy**.
@@ -54,21 +56,23 @@ disks* policy definition.
 
    For a partial list of available built-in policies, see [Azure Policy samples](./samples/index.md).
 
-1. Search through the policy definitions list to find the *Audit VMs that do not use managed disks*
+1. Search through the policy definitions list to find the _Audit VMs that do not use managed disks_
    definition. Click on that policy and click **Select**.
 
    ![Find the correct policy definition](./media/assign-policy-portal/select-available-definition.png)
 
 1. The **Assignment name** is automatically populated with the policy name you selected, but you can
-   change it. For this example, leave *Audit VMs that do not use managed disks*. You can also add an
+   change it. For this example, leave _Audit VMs that do not use managed disks_. You can also add an
    optional **Description**. The description provides details about this policy assignment.
    **Assigned by** will automatically fill based on who is logged in. This field is optional, so
    custom values can be entered.
 
 1. Leave **Create a Managed Identity** unchecked. This box _must_ be checked when the policy or
-   initiative includes a policy with the [deployIfNotExists](./concepts/effects.md#deployifnotexists)
-   effect. As the policy used for this quickstart doesn't, leave it blank. For more information, see
-   [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and [how remediation security works](./how-to/remediate-resources.md#how-remediation-security-works).
+   initiative includes a policy with the
+   [deployIfNotExists](./concepts/effects.md#deployifnotexists) effect. As the policy used for this
+   quickstart doesn't, leave it blank. For more information, see
+   [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and
+   [how remediation security works](./how-to/remediate-resources.md#how-remediation-security-works).
 
 1. Click **Assign**.
 
@@ -110,7 +114,7 @@ To remove the assignment created, follow these steps:
    the **Audit VMs that do not use managed disks** policy assignment you created.
 
 1. Right-click the **Audit VMs that do not use managed disks** policy assignment and select **Delete
-   assignment**
+   assignment**.
 
    ![Delete an assignment from the Compliance page](./media/assign-policy-portal/delete-assignment.png)
 

articles/governance/policy/assign-policy-powershell.md

@@ -1,25 +1,26 @@
 ---
 title: "Quickstart: New policy assignment with PowerShell"
 description: In this quickstart, you use Azure PowerShell to create an Azure Policy assignment to identify non-compliant resources.
-ms.date: 03/11/2019
+ms.date: 11/25/2019
 ms.topic: quickstart
 ---
 # Quickstart: Create a policy assignment to identify non-compliant resources using Azure PowerShell
 
 The first step in understanding compliance in Azure is to identify the status of your resources. In
 this quickstart, you create a policy assignment to identify virtual machines that aren't using
-managed disks. When complete, you'll identify virtual machines that are *non-compliant*.
+managed disks. When complete, you'll identify virtual machines that are _non-compliant_.
 
 The Azure PowerShell module is used to manage Azure resources from the command line or in scripts.
 This guide explains how to use Az module to create a policy assignment.
 
-If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/) account
-before you begin.
-
 ## Prerequisites
 
-- Before you start, make sure that the latest version of Azure PowerShell is installed. See [Install Azure PowerShell module](/powershell/azure/install-az-ps)
-  for detailed information.
+- If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/)
+  account before you begin.
+
+- Before you start, make sure that the latest version of Azure PowerShell is installed. See
+  [Install Azure PowerShell module](/powershell/azure/install-az-ps) for detailed information.
+
 - Register the Azure Policy Insights resource provider using Azure PowerShell. Registering the
   resource provider makes sure that your subscription works with it. To register a resource
   provider, you must have permission to the register resource provider operation. This operation is
@@ -31,11 +32,14 @@ before you begin.
   Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'
   ```
 
-  For more information about registering and viewing resource providers, see [Resource Providers and Types](../../azure-resource-manager/resource-manager-supported-services.md)
+  For more information about registering and viewing resource providers, see
+  [Resource Providers and Types](../../azure-resource-manager/resource-manager-supported-services.md).
+
+[!INCLUDE [cloud-shell-try-it.md](../../../includes/cloud-shell-try-it.md)]
 
 ## Create a policy assignment
 
-In this quickstart, you create a policy assignment for the *Audit VMs without managed disks*
+In this quickstart, you create a policy assignment for the _Audit VMs without managed disks_
 definition. This policy definition identifies virtual machines not using managed disks.
 
 Run the following commands to create a new policy assignment:
@@ -53,11 +57,11 @@ New-AzPolicyAssignment -Name 'audit-vm-manageddisks' -DisplayName 'Audit VMs wit
 
 The preceding commands use the following information:
 
-- **Name** - The actual name of the assignment. For this example, *audit-vm-manageddisks* was used.
-- **DisplayName** - Display name for the policy assignment. In this case, you're using *Audit VMs
-  without managed disks Assignment*.
+- **Name** - The actual name of the assignment. For this example, _audit-vm-manageddisks_ was used.
+- **DisplayName** - Display name for the policy assignment. In this case, you're using _Audit VMs
+  without managed disks Assignment_.
 - **Definition** – The policy definition, based on which you're using to create the assignment. In
-  this case, it's the ID of policy definition *Audit VMs that do not use managed disks*.
+  this case, it's the ID of policy definition _Audit VMs that do not use managed disks_.
 - **Scope** - A scope determines what resources or grouping of resources the policy assignment gets
   enforced on. It could range from a subscription to resource groups. Be sure to replace
   <scope> with the name of your resource group.
@@ -75,7 +79,8 @@ you created. Run the following commands:
 Get-AzPolicyState -ResourceGroupName $rg.ResourceGroupName -PolicyAssignmentName 'audit-vm-manageddisks' -Filter 'IsCompliant eq false'
 ```
 
-For more information about getting policy state, see [Get-AzPolicyState](/powershell/module/az.policyinsights/Get-AzPolicyState).
+For more information about getting policy state, see
+[Get-AzPolicyState](/powershell/module/az.policyinsights/Get-AzPolicyState).
 
 Your results resemble the following example:
 

articles/governance/policy/assign-policy-template.md

@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: New policy assignment with templates"
 description: In this quickstart, you use a Resource Manager template to create a policy assignment to identify non-compliant resources.
-ms.date: 03/13/2019
+ms.date: 11/25/2019
 ms.topic: quickstart
 ---
 # Quickstart: Create a policy assignment to identify non-compliant resources by using a Resource Manager template
@@ -11,15 +11,18 @@ This quickstart steps you through the process of creating a policy assignment to
 machines that aren't using managed disks.
 
 At the end of this process, you'll successfully identify virtual machines that aren't using managed
-disks. They're *non-compliant* with the policy assignment.
+disks. They're _non-compliant_ with the policy assignment.
+
+## Prerequisites
 
 If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/) account
 before you begin.
 
 ## Create a policy assignment
 
 In this quickstart, you create a policy assignment and assign a built-in policy definition called
-*Audit VMs that do not use managed disks*. For a partial list of available built-in policies, see [Azure Policy samples](./samples/index.md).
+_Audit VMs that do not use managed disks_. For a partial list of available built-in policies, see
+[Azure Policy samples](./samples/index.md).
 
 There are several methods for creating policy assignments. In this quickstart, you use a
 [quickstart template](https://azure.microsoft.com/resources/templates/101-azurepolicy-assign-builtinpolicy-resourcegroup/).
@@ -28,7 +31,8 @@ Here is a copy of the template:
 [!code-json[policy-assignment](~/quickstart-templates/101-azurepolicy-assign-builtinpolicy-resourcegroup/azuredeploy.json)]
 
 > [!NOTE]
-> Azure Policy service is free.  For more information, see [Overview of Azure Policy](./overview.md).
+> Azure Policy service is free. For more information, see
+> [Overview of Azure Policy](./overview.md).
 
 1. Select the following image to sign in to the Azure portal and open the template:
 
@@ -39,7 +43,7 @@ Here is a copy of the template:
    | Name | Value |
    |------|-------|
    | Subscription | Select your Azure subscription. |
-   | Resource group | Select **Create new**, specify a name, and then select **OK**. In the screenshot, the resource group name is *mypolicyquickstart\<Date in MMDD>rg*. |
+   | Resource group | Select **Create new**, specify a name, and then select **OK**. In the screenshot, the resource group name is _mypolicyquickstart\<Date in MMDD\>rg_. |
    | Location | Select a region. For example, **Central US**. |
    | Policy Assignment Name | Specify a policy assignment name. You can use the policy definition display if you want. For example, **Audit VMs that do not use managed disks**. |
    | Rg Name | Specify a resource group name where you want to assign the policy to. In this quickstart, use the default value **[resourceGroup().name]**. **[resourceGroup()](../../azure-resource-manager/resource-group-template-functions-resource.md#resourcegroup)** is a template function that retrieves the resource group. |
@@ -52,8 +56,10 @@ Some additional resources:
 
 - To find more samples templates, see
   [Azure Quickstart template](https://azure.microsoft.com/resources/templates/?resourceType=Microsoft.Authorization&pageNumber=1&sort=Popular).
-- To see the template reference, go to [Azure template reference](/azure/templates/microsoft.authorization/allversions).
-- To learn how to develop Resource Manager templates, see [Azure Resource Manager documentation](/azure/azure-resource-manager/).
+- To see the template reference, go to
+  [Azure template reference](/azure/templates/microsoft.authorization/allversions).
+- To learn how to develop Resource Manager templates, see
+  [Azure Resource Manager documentation](../../azure-resource-manager/resource-group-overview.md).
 - To learn subscription-level deployment, see
   [Create resource groups and resources at the subscription level](../../azure-resource-manager/deploy-to-subscription.md).
 
@@ -67,7 +73,8 @@ managed disks** policy assignment you created.
 If there are any existing resources that aren't compliant with this new assignment, they appear
 under **Non-compliant resources**.
 
-For more information, see [How compliance works](./how-to/get-compliance-data.md#how-compliance-works).
+For more information, see
+[How compliance works](./how-to/get-compliance-data.md#how-compliance-works).
 
 ## Clean up resources
 

articles/governance/policy/overview.md

@@ -1,10 +1,10 @@
 ---
 title: Overview of Azure Policy
 description: Azure Policy is a service in Azure, that you use to create, assign and, manage policy definitions in your Azure environment.
-ms.date: 11/21/2019
+ms.date: 11/25/2019
 ms.topic: overview
 ---
-# Overview of the Azure Policy service
+# What is Azure Policy?
 
 Governance validates that your organization can achieve its goals through effective and efficient
 use of IT. It meets this need by creating clarity between business goals and IT projects.
@@ -231,6 +231,4 @@ next steps:
 
 - [Assign a policy definition using the portal](./assign-policy-portal.md).
 - [Assign a policy definition using the Azure CLI](./assign-policy-azurecli.md).
-- [Assign a policy definition using PowerShell](./assign-policy-powershell.md).
-- Review what a management group is with [Organize your resources with Azure management groups](../management-groups/overview.md).
-- View [Govern your Azure environment through Azure Policy](https://channel9.msdn.com/events/Build/2018/THR2030) on Channel 9.
+- [Assign a policy definition using PowerShell](./assign-policy-powershell.md).

articles/governance/policy/toc.yml

@@ -2,7 +2,7 @@
   href: index.yml
 - name: Overview
   items:
-  - name: Overview of Azure Policy
+  - name: What is Azure Policy?
     displayName: rbac, assign, initiative, parameters, count
     href: overview.md
 - name: Quickstarts