This project demonstrates governance and compliance enforcement using Azure Policy. The lab focuses on creating, assigning, and managing policies and initiatives to ensure Azure resources align with organizational standards.
Overview: This lab demonstrates how to use Azure Policy to enforce governance standards and compliance requirements across your Azure resources. By defining and assigning policies, you can ensure resources align with your organization's governance goals.
Prerequisites:
✅ Active Azure subscription with Policy access (Free account, Student account, or paid subscription).
✅ Owner, Contributor, or Resource Policy Contributor role in the subscription.
✅ Understanding of Azure Policy concepts (definitions, assignments, and initiatives).
✅ Access to resource groups or individual resources within the subscription.
High-Level Steps with Explanations:
1. Assigned tags via the Azure portal: I began by manually assigning tags to resources in the Azure portal. Tags are key-value pairs that help me organize and manage resources, making it easier to track costs, identify ownership, and group resources based on purpose or environment (e.g., "Environment: Production").
2. Enforced tagging via an Azure Policy: To ensure consistency, I created and assigned an Azure Policy that enforces tagging on all newly created resources. This way, any resource deployed without the required tags will be marked as non-compliant, helping maintain governance standards automatically.
3. Applied tagging via an Azure Policy: I used an Azure Policy to automatically add required tags to resources if they were created without them. This policy saved time and reduced manual errors by ensuring every resource complies with tagging requirements, even if tags are forgotten during creation.
4. Configured and tested resource locks: I configured resource locks to prevent accidental deletion or modification of critical resources. By testing these locks, I ensured that even with elevated permissions, unauthorized changes are blocked unless the lock is intentionally removed, enhancing resource stability and security.
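The difference between steps 2 and 3 comes down to the policy effect, shown here as an added example that is not the lab's own definitions: `requireTag` uses `deny` to reject a create or update request that lacks the tag value, while `addTagIfMissing` uses `modify` to append the tag. The two top-level keys are labels used here to hold both definitions in one block, the parameter names `tagName` and `tagValue` are assumptions, and the role ID is the built-in Contributor role.

```json
{
  "requireTag": {
    "displayName": "Example: deny resources without the required tag value",
    "description": "Added example, not the lab's own definition. Parameter names are assumptions.",
    "mode": "Indexed",
    "parameters": { "tagName": { "type": "String" }, "tagValue": { "type": "String" } },
    "policyRule": {
      "if": {
        "not": {
          "field": "[concat('tags[', parameters('tagName'), ']')]",
          "equals": "[parameters('tagValue')]"
        }
      },
      "then": { "effect": "deny" }
    }
  },
  "addTagIfMissing": {
    "displayName": "Example: add the tag when a resource lacks it",
    "description": "Added example, not the lab's own definition. Parameter names are assumptions.",
    "mode": "Indexed",
    "parameters": { "tagName": { "type": "String" }, "tagValue": { "type": "String" } },
    "policyRule": {
      "if": {
        "field": "[concat('tags[', parameters('tagName'), ']')]",
        "exists": "false"
      },
      "then": {
        "effect": "modify",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "operations": [
            {
              "operation": "add",
              "field": "[concat('tags[', parameters('tagName'), ']')]",
              "value": "[parameters('tagValue')]"
            }
          ]
        }
      }
    }
  }
}
```

A `modify` assignment needs a managed identity holding the listed role, and resources that existed before the assignment are only changed by a remediation task. `Indexed` mode limits evaluation to resource types that support tags and location.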