Merge pull request #267351 from davidsmatlak/ds-policy-docs-edits

prmerger-automator[bot] · web-flow · commit 6c1c3de2ff2b · 2024-02-27T00:39:58.000Z
Edits to Azure Policy quickstarts
diff --git a/articles/governance/policy/assign-policy-azurecli.md b/articles/governance/policy/assign-policy-azurecli.md
@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: Create policy assignment using Azure CLI"
 description: In this quickstart, you create an Azure Policy assignment to identify non-compliant resources using Azure CLI.
-ms.date: 02/23/2024
+ms.date: 02/26/2024
 ms.topic: quickstart
 ms.custom: devx-track-azurecli
 ---
@@ -70,7 +70,7 @@ Run the following command to create the policy assignment:
 ```azurecli
 az policy assignment create \
   --name 'audit-vm-managed-disks' \
-  --display-name 'Audit VMs without managed disks Assignment' \
+  --display-name 'Audit VM managed disks' \
   --scope $rgid \
   --policy $definition \
   --description 'Azure CLI policy assignment to resource group'
@@ -86,7 +86,7 @@ The results of the policy assignment resemble the following example:
 
 ```output
 "description": "Azure CLI policy assignment to resource group",
-"displayName": "Audit VMs without managed disks Assignment",
+"displayName": "Audit VM managed disks",
 "enforcementMode": "Default",
 "id": "/subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/audit-vm-managed-disks",
 "identity": null,
diff --git a/articles/governance/policy/assign-policy-bicep.md b/articles/governance/policy/assign-policy-bicep.md
@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: Create policy assignment using Bicep file"
 description: In this quickstart, you create an Azure Policy assignment to identify non-compliant resources using a Bicep file.
-ms.date: 02/23/2024
+ms.date: 02/26/2024
 ms.topic: quickstart
 ms.custom: subject-bicepqs, devx-track-bicep, devx-track-azurecli, devx-track-azurepowershell
 ---
@@ -34,14 +34,15 @@ Create the following Bicep file as _policy-assignment.bicep_.
 ```bicep
 param policyAssignmentName string = 'audit-vm-managed-disks'
 param policyDefinitionID string = '/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d'
+param policyDisplayName string = 'Audit VM managed disks'
 
 resource assignment 'Microsoft.Authorization/policyAssignments@2023-04-01' = {
   name: policyAssignmentName
   scope: resourceGroup()
   properties: {
     policyDefinitionId: policyDefinitionID
     description: 'Policy assignment to resource group scope created with Bicep file'
-    displayName: 'audit-vm-managed-disks'
+    displayName: policyDisplayName
     nonComplianceMessages: [
       {
         message: 'Virtual machines should use managed disks'
@@ -53,7 +54,13 @@ resource assignment 'Microsoft.Authorization/policyAssignments@2023-04-01' = {
 output assignmentId string = assignment.id
 ```
 
-The resource type defined in the Bicep file is [Microsoft.Authorization/policyAssignments](/azure/templates/microsoft.authorization/policyassignments). The Bicep file creates a policy assignment named _audit-vm-managed-disks_.
+The resource type defined in the Bicep file is [Microsoft.Authorization/policyAssignments](/azure/templates/microsoft.authorization/policyassignments).
+
+The Bicep file uses three parameters to deploy the policy assignment:
+
+- `policyAssignmentName` creates the policy assignment named _audit-vm-managed-disks_.
+- `policyDefinitionID` uses the ID of the built-in policy definition. For reference, the commands to get the ID are in the section to deploy the template.
+- `policyDisplayName` creates a display name that's visible in Azure portal.
 
 For more information about Bicep files:
 
@@ -117,6 +124,25 @@ The Azure CLI commands use a backslash (`\`) for line continuation to improve re
 
 ---
 
+The following commands display the `policyDefinitionID` parameter's value:
+
+# [PowerShell](#tab/azure-powershell)
+
+```azurepowershell
+(Get-AzPolicyDefinition |
+  Where-Object { $_.Properties.DisplayName -eq 'Audit VMs that do not use managed disks' }).ResourceId
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli
+az policy definition list \
+  --query "[?displayName=='Audit VMs that do not use managed disks']".id \
+  --output tsv
+```
+
+---
+
 The following commands deploy the policy definition to your resource group. Replace `<resourceGroupName>` with your resource group name:
 
 # [PowerShell](#tab/azure-powershell)
@@ -195,7 +221,7 @@ The output is verbose but resembles the following example:
 
 ```output
 "description": "Policy assignment to resource group scope created with Bicep file",
-"displayName": "audit-vm-managed-disks",
+"displayName": "Audit VM managed disks",
 "enforcementMode": "Default",
 "id": "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/audit-vm-managed-disks",
 "identity": null,
diff --git a/articles/governance/policy/assign-policy-powershell.md b/articles/governance/policy/assign-policy-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: "Quickstart: Create policy assignment using Azure PowerShell"
 description: In this quickstart, you create an Azure Policy assignment to identify non-compliant resources using Azure PowerShell.
-ms.date: 02/23/2024
+ms.date: 02/26/2024
 ms.topic: quickstart
 ms.custom: devx-track-azurepowershell
 ---
@@ -67,7 +67,7 @@ Run the following command to create the policy assignment:
 ```azurepowershell
 $policyparms = @{
 Name = 'audit-vm-managed-disks'
-DisplayName = 'Audit VMs without managed disks Assignment'
+DisplayName = 'Audit VM managed disks'
 Scope = $rg.ResourceId
 PolicyDefinition = $definition
 Description = 'Az PowerShell policy assignment to resource group'
