To view policy compliance status against assigned definitions, you can select the Compliance menu on the Policy blade and note the compliance on the right-hand side.Compliance is reflected in a percentage (%) form to understand compliance effectiveness. Note that newly applied policies may take several minutes to be applied, as well as for compliance to be reflected. Typically, policies take about 30 minutes to apply, while compliance may take several hours.
The following screenshot provides an example of policy compliance within an
Azure estate:
Figure 3.33 – Policy compliance overview
Resource compliance can exist in three different states, as outlined here:
- Compliant: A resource conforms to defined policy standards.
- Non-compliant: A resource does not conform to the required policy standard.
- Exempt: A resource has been identified to be exempted from the policy evaluation. This is explicitly defined for an exemption or can’t be evaluated. Exempted resources will still be evaluated in the total compliance rating score.
Diving into any of the line items will provide further details; for this example, we are showing policy compliance for the ASC Default initiative:
Figure 3.34 – Example policy compliance overview
Now that you understand how to view overall compliance within your subscription, you can begin to apply this in your organization and with your customers.
Tip
Policies can be used in conjunction with tags to effect compliance in an organization.
Further reading
That brings this section to an end. In this section, we have learned what Azure policies are, why they are necessary, how they work, how to create a policy definition, how to create a policy initiative, and how to manage and apply policies.
We encourage you to read up further by using the following links:
- Microsoft Azure Policy documentation: https://docs.microsoft.com/ en-us/azure/governance/policy/
- Azure Policy definition structure: https://docs.microsoft.com/en-us/ azure/governance/policy/concepts/definition-structure
- Built-in Azure policy definitions: https://github.com/Azure/azure-policy/tree/master/built-in-policies
Applying and managing tags on resources
Tags are simply name-value pairs and are used to apply taxonomy resources, resource groups, and subscriptions. Tags can assist in several areas for Azure management, primarily in the governance of the platform and cost management. An example of what tags look like on the portal is shown next.
In the following screenshot example, we have these tags:
- Department, with a value of IT
- Owner, with a value of King
You can see the tags here:
Figure 3.35 – Tag example
Tip
Tag names are case-insensitive, and tag values are case-sensitive.
Leave a Reply