
Commit 86b7853

Merge pull request #77380 from DCtheGeek/dmc-policy-lang1
Language and markdown cleanup
2 parents 15145fa + 79eecfa commit 86b7853

15 files changed

+557
-374
lines changed

articles/governance/policy/assign-policy-azurecli.md

Lines changed: 20 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -22,17 +22,19 @@ Azure CLI is used to create and manage Azure resources from the command line or
2222
guide uses Azure CLI to create a policy assignment and to identify non-compliant resources in your
2323
Azure environment.
2424

25-
If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/) account before you begin.
25+
If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/) account
26+
before you begin.
2627

2728
[!INCLUDE [cloud-shell-try-it.md](../../../includes/cloud-shell-try-it.md)]
2829

29-
This quickstart requires that you run Azure CLI version 2.0.4 or later to install and use the CLI locally. To find the version, run `az --version`. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
30+
This quickstart requires that you run Azure CLI version 2.0.4 or later to install and use the CLI
31+
locally. To find the version, run `az --version`. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
3032

3133
## Prerequisites
3234

33-
Register the Policy Insights resource provider using Azure CLI. Registering the resource provider
34-
makes sure that your subscription works with it. To register a resource provider, you must have
35-
permission to the register resource provider operation. This operation is included in the
35+
Register the Azure Policy Insights resource provider using Azure CLI. Registering the resource
36+
provider makes sure that your subscription works with it. To register a resource provider, you must
37+
have permission to the register resource provider operation. This operation is included in the
3638
Contributor and Owner roles. Run the following command to register the resource provider:
3739

3840
```azurecli-interactive
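Review bot: New line 31 is still far past the wrap width this commit applies elsewhere, because the `[Install Azure CLI](/cli/azure/install-azure-cli)` link stays on the same line as "locally. To find the version, run `az --version`." Break before the link so it sits on its own line, as the "Some additional resources" bullets in assign-policy-template.md do in this commit.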
@@ -47,8 +49,8 @@ tool that sends HTTP requests to Azure Resource Manager-based APIs.
4749
## Create a policy assignment
4850

4951
In this quickstart, you create a policy assignment and assign the **Audit VMs that do not use
50-
managed disks** definition. This policy definition identifies resources that aren't compliant to
51-
the conditions set in the policy definition.
52+
managed disks** definition. This policy definition identifies resources that aren't compliant to the
53+
conditions set in the policy definition.
5254

5355
Run the following command to create a policy assignment:
5456

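Review bot: The reflowed sentence at new lines 52-53 still reads "aren't compliant to the conditions set in the policy definition"; since this pass is a language cleanup, change it to "compliant with". The definition name is also bold here (`**Audit VMs that do not use managed disks**`) while the "Create a policy assignment" sections of assign-policy-portal.md and assign-policy-template.md italicize it, so pick one style.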
@@ -58,11 +60,15 @@ az policy assignment create --name 'audit-vm-manageddisks' --display-name 'Audit
5860

5961
The preceding command uses the following information:
6062

61-
- **Name** - The actual name of the assignment. For this example, *audit-vm-manageddisks* was used.
62-
- **DisplayName** - Display name for the policy assignment. In this case, you're using *Audit VMs without managed disks Assignment*.
63-
- **Policy** – The policy definition ID, based on which you're using to create the assignment. In this case, it's the ID of policy definition *Audit VMs that do not use managed disks*. To get the policy definition ID, run this command:
64-
`az policy definition list --query "[?displayName=='Audit VMs that do not use managed disks']"`
65-
- **Scope** - A scope determines what resources or grouping of resources the policy assignment gets enforced on. It could range from a subscription to resource groups. Be sure to replace <scope> with the name of your resource group.
63+
- **Name** - The actual name of the assignment. For this example, *audit-vm-manageddisks* was used.
64+
- **DisplayName** - Display name for the policy assignment. In this case, you're using *Audit VMs
65+
without managed disks Assignment*.
66+
- **Policy** – The policy definition ID, based on which you're using to create the assignment. In
67+
this case, it's the ID of policy definition *Audit VMs that do not use managed disks*. To get the
68+
policy definition ID, run this command: `az policy definition list --query "[?displayName=='Audit VMs that do not use managed disks']"`
69+
- **Scope** - A scope determines what resources or grouping of resources the policy assignment gets
70+
enforced on. It could range from a subscription to resource groups. Be sure to replace
71+
<scope> with the name of your resource group.
6672

6773
## Identify non-compliant resources
6874

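Review bot: In the **Scope** bullet, the unescaped `<scope>` now starts new line 71, where a Markdown renderer can treat it as an HTML tag and drop it from the rendered text; wrap it in backticks. In the **Policy** bullet, "The policy definition ID, based on which you're using to create the assignment" is still ungrammatical, its separator is an en dash where the other three bullets use a hyphen, and folding the `az policy definition list` command into the paragraph leaves new line 68 far over the wrap width.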
@@ -125,8 +131,8 @@ az policy assignment delete --name 'audit-vm-manageddisks' --scope '/subscriptio
125131
In this quickstart, you assigned a policy definition to identify non-compliant resources in your
126132
Azure environment.
127133

128-
To learn more about assigning policies to validate that new resources are compliant, continue to
129-
the tutorial for:
134+
To learn more about assigning policies to validate that new resources are compliant, continue to the
135+
tutorial for:
130136

131137
> [!div class="nextstepaction"]
132138
> [Creating and managing policies](./tutorials/create-and-manage.md)

articles/governance/policy/assign-policy-portal.md

Lines changed: 38 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -23,42 +23,57 @@ before you begin.
2323

2424
## Create a policy assignment
2525

26-
In this quickstart, you create a policy assignment and assign the *Audit VMs that do not use
27-
managed disks* policy definition.
26+
In this quickstart, you create a policy assignment and assign the *Audit VMs that do not use managed
27+
disks* policy definition.
2828

29-
1. Launch the Azure Policy service in the Azure portal by clicking **All services**, then searching for and selecting **Policy**.
29+
1. Launch the Azure Policy service in the Azure portal by clicking **All services**, then searching
30+
for and selecting **Policy**.
3031

3132
![Search for Policy in All Services](./media/assign-policy-portal/search-policy.png)
3233

33-
1. Select **Assignments** on the left side of the Azure Policy page. An assignment is a policy that has been assigned to take place within a specific scope.
34+
1. Select **Assignments** on the left side of the Azure Policy page. An assignment is a policy that
35+
has been assigned to take place within a specific scope.
3436

3537
![Select Assignments page from Policy Overview page](./media/assign-policy-portal/select-assignments.png)
3638

3739
1. Select **Assign Policy** from the top of the **Policy - Assignments** page.
3840

3941
![Assign a policy definition from Assignments page](./media/assign-policy-portal/select-assign-policy.png)
4042

41-
1. On the **Assign Policy** page, select the **Scope** by clicking the ellipsis and selecting either a management group or subscription. Optionally, select a resource group. A scope determines what resources or grouping of resources the policy assignment gets enforced on. Then click **Select** at the bottom of the **Scope** page.
43+
1. On the **Assign Policy** page, select the **Scope** by clicking the ellipsis and selecting either
44+
a management group or subscription. Optionally, select a resource group. A scope determines what
45+
resources or grouping of resources the policy assignment gets enforced on. Then click **Select**
46+
at the bottom of the **Scope** page.
4247

4348
This example uses the **Contoso** subscription. Your subscription will differ.
4449

45-
1. Resources can be excluded based on the **Scope**. **Exclusions** start at one level lower than the level of the **Scope**. **Exclusions** are optional, so leave it blank for now.
50+
1. Resources can be excluded based on the **Scope**. **Exclusions** start at one level lower than
51+
the level of the **Scope**. **Exclusions** are optional, so leave it blank for now.
4652

47-
1. Select the **Policy definition** ellipsis to open the list of available definitions. Azure Policy comes with built-in policy definitions you can use. Many are available, such as:
53+
1. Select the **Policy definition** ellipsis to open the list of available definitions. Azure Policy
54+
comes with built-in policy definitions you can use. Many are available, such as:
4855

4956
- Enforce tag and its value
5057
- Apply tag and its value
5158
- Require SQL Server version 12.0
5259

53-
For a partial list of available built-in policies, see [Policy samples](./samples/index.md).
60+
For a partial list of available built-in policies, see [Azure Policy samples](./samples/index.md).
5461

55-
1. Search through the policy definitions list to find the *Audit VMs that do not use managed disks* definition. Click on that policy and click **Select**.
62+
1. Search through the policy definitions list to find the *Audit VMs that do not use managed disks*
63+
definition. Click on that policy and click **Select**.
5664

5765
![Find the correct policy definition](./media/assign-policy-portal/select-available-definition.png)
5866

59-
1. The **Assignment name** is automatically populated with the policy name you selected, but you can change it. For this example, leave *Audit VMs that do not use managed disks*. You can also add an optional **Description**. The description provides details about this policy assignment. **Assigned by** will automatically fill based on who is logged in. This field is optional, so custom values can be entered.
67+
1. The **Assignment name** is automatically populated with the policy name you selected, but you can
68+
change it. For this example, leave *Audit VMs that do not use managed disks*. You can also add an
69+
optional **Description**. The description provides details about this policy assignment.
70+
**Assigned by** will automatically fill based on who is logged in. This field is optional, so
71+
custom values can be entered.
6072

61-
1. Leave **Create a Managed Identity** unchecked. This box _must_ be checked when the policy or initiative includes a policy with the [deployIfNotExists](./concepts/effects.md#deployifnotexists) effect. As the policy used for this quickstart doesn't, leave it blank. For more information, see [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and [how remediation security works](./how-to/remediate-resources.md#how-remediation-security-works).
73+
1. Leave **Create a Managed Identity** unchecked. This box _must_ be checked when the policy or
74+
initiative includes a policy with the [deployIfNotExists](./concepts/effects.md#deployifnotexists)
75+
effect. As the policy used for this quickstart doesn't, leave it blank. For more information, see
76+
[managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and [how remediation security works](./how-to/remediate-resources.md#how-remediation-security-works).
6277

6378
1. Click **Assign**.
6479

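Review bot: New line 73 emphasizes with underscores (`_must_`) while the other italics visible in this diff use asterisks (`*Audit VMs that do not use managed disks*`); for a markdown cleanup, make it `*must*`. New line 51 still says "**Exclusions** are optional, so leave it blank", where "it" has no singular antecedent, and new line 76 keeps two links on one line well past the wrap width.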
@@ -88,26 +103,30 @@ result is either compliant or non-compliant.
88103
| New | Audit, AuditIfNotExist\* | True | Non-Compliant |
89104
| New | Audit, AuditIfNotExist\* | False | Compliant |
90105

91-
\* The Append, DeployIfNotExist, and AuditIfNotExist effects require the IF statement to be TRUE. The effects also require the existence condition to be FALSE to be non-compliant. When TRUE, the IF condition triggers evaluation of the existence condition for the related resources.
106+
\* The Append, DeployIfNotExist, and AuditIfNotExist effects require the IF statement to be TRUE.
107+
The effects also require the existence condition to be FALSE to be non-compliant. When TRUE, the IF
108+
condition triggers evaluation of the existence condition for the related resources.
92109

93110
## Clean up resources
94111

95112
To remove the assignment created, follow these steps:
96113

97-
1. Select **Compliance** (or **Assignments**) in the left side of the Azure Policy page and locate the **Audit VMs that do not use managed disks** policy assignment you created.
114+
1. Select **Compliance** (or **Assignments**) in the left side of the Azure Policy page and locate
115+
the **Audit VMs that do not use managed disks** policy assignment you created.
98116

99-
1. Right-click the **Audit VMs that do not use managed disks** policy assignment and select **Delete assignment**
117+
1. Right-click the **Audit VMs that do not use managed disks** policy assignment and select **Delete
118+
assignment**
100119

101120
![Delete an assignment from the Compliance page](./media/assign-policy-portal/delete-assignment.png)
102121

103122
## Next steps
104123

105-
In this quickstart, you assigned a policy definition to a scope and evaluated its compliance
106-
report. The policy definition validates that all the resources in the scope are compliant and
107-
identifies which ones aren't.
124+
In this quickstart, you assigned a policy definition to a scope and evaluated its compliance report.
125+
The policy definition validates that all the resources in the scope are compliant and identifies
126+
which ones aren't.
108127

109-
To learn more about assigning policies to validate that new resources are compliant, continue to
110-
the tutorial for:
128+
To learn more about assigning policies to validate that new resources are compliant, continue to the
129+
tutorial for:
111130

112131
> [!div class="nextstepaction"]
113132
> [Creating and managing policies](./tutorials/create-and-manage.md)
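Review bot: The footnote at new lines 106-108 and the table rows above it spell the effects "DeployIfNotExist" and "AuditIfNotExist", but the managed identity step earlier in this file links the effect as `deployIfNotExists` (anchor `#deployifnotexists`); add the trailing "s" so the names match. The cleanup step at new lines 117-118 also ends without a period, while the same step in assign-policy-template.md ends with one.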

articles/governance/policy/assign-policy-powershell.md

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,11 @@ before you begin.
2727

2828
- Before you start, make sure that the latest version of Azure PowerShell is installed. See [Install Azure PowerShell module](/powershell/azure/install-az-ps)
2929
for detailed information.
30-
- Register the Policy Insights resource provider using Azure PowerShell. Registering the resource
31-
provider makes sure that your subscription works with it. To register a resource provider, you
32-
must have permission to the register resource provider operation. This operation is included in
33-
the Contributor and Owner roles. Run the following command to register the resource provider:
30+
- Register the Azure Policy Insights resource provider using Azure PowerShell. Registering the
31+
resource provider makes sure that your subscription works with it. To register a resource
32+
provider, you must have permission to the register resource provider operation. This operation is
33+
included in the Contributor and Owner roles. Run the following command to register the resource
34+
provider:
3435

3536
```azurepowershell-interactive
3637
# Register the resource provider if it's not already registered
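Review bot: The reflowed bullet at new lines 32-33 keeps "you must have permission to the register resource provider operation", which does not parse; "permission to perform the register resource provider operation" would. Because the next sentence names only Contributor and Owner, consider adding that any role that includes this operation is enough, so readers do not grant a broad role just to register the provider. The first bullet's `[Install Azure PowerShell module]` line was also left unwrapped.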

articles/governance/policy/assign-policy-template.md

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ before you begin.
2323
## Create a policy assignment
2424

2525
In this quickstart, you create a policy assignment and assign a built-in policy definition called
26-
*Audit VMs that do not use managed disks*. For a partial list of available built-in policies, see [Policy samples](./samples/index.md).
26+
*Audit VMs that do not use managed disks*. For a partial list of available built-in policies, see [Azure Policy samples](./samples/index.md).
2727

2828
There are several methods for creating policy assignments. In this quickstart, you use a
2929
[quickstart template](https://azure.microsoft.com/resources/templates/101-azurepolicy-assign-builtinpolicy-resourcegroup/).
@@ -54,10 +54,12 @@ Here is a copy of the template:
5454

5555
Some additional resources:
5656

57-
- To find more samples templates, see [Azure Quickstart template](https://azure.microsoft.com/resources/templates/?resourceType=Microsoft.Authorization&pageNumber=1&sort=Popular).
57+
- To find more samples templates, see
58+
[Azure Quickstart template](https://azure.microsoft.com/resources/templates/?resourceType=Microsoft.Authorization&pageNumber=1&sort=Popular).
5859
- To see the template reference, go to [Azure template reference](/azure/templates/microsoft.authorization/allversions).
5960
- To learn how to develop Resource Manager templates, see [Azure Resource Manager documentation](/azure/azure-resource-manager/).
60-
- To learn subscription-level deployment, see [Create resource groups and resources at the subscription level](../../azure-resource-manager/deploy-to-subscription.md).
61+
- To learn subscription-level deployment, see
62+
[Create resource groups and resources at the subscription level](../../azure-resource-manager/deploy-to-subscription.md).
6163

6264
## Identify non-compliant resources
6365

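Review bot: New line 57 still reads "To find more samples templates"; it should be "sample templates". New line 61, "To learn subscription-level deployment", is missing "about". Both bullets were already touched for wrapping, so this is the place to fix the wording.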
@@ -75,9 +77,11 @@ For more information, see [How compliance works](./how-to/get-compliance-data.md
7577

7678
To remove the assignment created, follow these steps:
7779

78-
1. Select **Compliance** (or **Assignments**) in the left side of the Azure Policy page and locate the **Audit VMs that do not use managed disks** policy assignment you created.
80+
1. Select **Compliance** (or **Assignments**) in the left side of the Azure Policy page and locate
81+
the **Audit VMs that do not use managed disks** policy assignment you created.
7982

80-
1. Right-click the **Audit VMs that do not use managed disks** policy assignment and select **Delete assignment**.
83+
1. Right-click the **Audit VMs that do not use managed disks** policy assignment and select **Delete
84+
assignment**.
8185

8286
![Delete an assignment from the compliance overview page](./media/assign-policy-template/delete-assignment.png)
8387

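Review bot: New line 80 keeps "in the left side of the Azure Policy page", while the **Assignments** step of assign-policy-portal.md in this same commit says "on the left side"; use "on" here too. Wrapping at new lines 83-84 also splits the bold UI label `**Delete assignment**` across two lines, which makes the label harder to search for in the source; keep it on one line.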
@@ -87,8 +91,8 @@ In this quickstart, you assigned a built-in policy definition to a scope and eva
8791
compliance report. The policy definition validates that all the resources in the scope are compliant
8892
and identifies which ones aren't.
8993

90-
To learn more about assigning policies to validate that new resources are compliant, continue to
91-
the tutorial for:
94+
To learn more about assigning policies to validate that new resources are compliant, continue to the
95+
tutorial for:
9296

9397
> [!div class="nextstepaction"]
9498
> [Creating and managing policies](./tutorials/create-and-manage.md)
