azure:az-500:alt:azure_policy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		 Previous revision
azure:az-500:alt:azure_policy [2022/07/23 13:15] – created mmuzeazure:az-500:alt:azure_policy [2023/02/06 20:43] (current) – [Azure Policy] mmuze
Line 8: Line 8:
   * By default policies apply to the scope where they are applied and all child scopes, but scopes can be excluded   * By default policies apply to the scope where they are applied and all child scopes, but scopes can be excluded
   * Policies can be applied at all levels of scope supported by Azure (i.e. management group, subscription, resource group, resource). but the policies themselves are defined at either a subscription of management group level.   * Policies can be applied at all levels of scope supported by Azure (i.e. management group, subscription, resource group, resource). but the policies themselves are defined at either a subscription of management group level.
 +  * //Azure Policy// is the mechanism that powers **//Azure Security Center//** findings
 ===== Three Pillars ===== ===== Three Pillars =====
   * real-time enforcement and compliance assessment   * real-time enforcement and compliance assessment
Line 27: Line 27:
   * Deploy related compliant resources   * Deploy related compliant resources
  
 +====== Policy Effects ======
 +  * **Append**—Adds fields to a resource during the creation/updating of the resource
 +  * **Audit**—Audit is used to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request.
 +  * **Deny**—The deny action prevents the creation/updating of a resource that does not meet specified conditions.
 +  * **DeployIfNotExists**—A template deployment occurs if there are no related resources or if the resources defined by ExistenceCondition don't evaluate to true.
  • azure/az-500/alt/azure_policy.1658582109.txt.gz
  • Last modified: 2022/07/23 13:15
  • by mmuze