Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| azure:az-500:alt:azure_policy [2023/02/06 20:19] – mmuze | azure:az-500:alt:azure_policy [2023/02/06 20:43] (current) – [Azure Policy] mmuze | ||
|---|---|---|---|
| Line 8: | Line 8: | ||
| * By default policies apply to the scope where they are applied and all child scopes, but scopes can be excluded | * By default policies apply to the scope where they are applied and all child scopes, but scopes can be excluded | ||
| * Policies can be applied at all levels of scope supported by Azure (i.e. management group, subscription, | * Policies can be applied at all levels of scope supported by Azure (i.e. management group, subscription, | ||
| + | * //Azure Policy// is the mechanism that powers **//Azure Security Center//** findings | ||
| ===== Three Pillars ===== | ===== Three Pillars ===== | ||
| * real-time enforcement and compliance assessment | * real-time enforcement and compliance assessment | ||
| Line 31: | Line 31: | ||
| * **Audit**—Audit is used to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn' | * **Audit**—Audit is used to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn' | ||
| * **Deny**—The deny action prevents the creation/ | * **Deny**—The deny action prevents the creation/ | ||
| + | * **DeployIfNotExists**—A template deployment occurs if there are no related resources or if the resources defined by ExistenceCondition don't evaluate to true. | ||