Lab 2B: Manage Governance via Azure Policy

 

Task 1: Create and assign tags via the Azure portal.

Task 2: Enforce tagging via an Azure Policy.

驚人滾動條.... 超級多

https://learn.microsoft.com/azure/governance/policy/samples/built-in-policies

{

  "properties": {

    "displayName": "Require a tag and its value on resources",

    "policyType": "BuiltIn",

    "mode": "Indexed",

    "description": "Enforces a required tag and its value. Does not apply to resource groups.",

    "metadata": {

      "version": "1.0.1",

      "category": "Tags"

    },

    "version": "1.0.1",

    "parameters": {

      "tagName": {

        "type": "String",

        "metadata": {

          "displayName": "Tag Name",

          "description": "Name of the tag, such as 'environment'"

        }

      },

      "tagValue": {

        "type": "String",

        "metadata": {

          "displayName": "Tag Value",

          "description": "Value of the tag, such as 'production'"

        }

      }

    },

    "policyRule": {

      "if": {

        "not": {

          "field": "[concat('tags[', parameters('tagName'), ']')]",

          "equals": "[parameters('tagValue')]"

        }

      },

      "then": {

        "effect": "deny"

      }

    }

  },

  "id": "/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62/versions/1.0.1",

  "type": "Microsoft.Authorization/policyDefinitions/versions",

  "name": "1.0.1"

}

命名Storage account name

Task 3: Apply tagging via an Azure Policy.

等10~15分鐘後生效再接續

Go to resource

Task 4: Configure and test resource locks.

Azure 內建Copilot

What are the Azure PowerShell and CLI commands for adding and deleting resource locks on a resource group?

Tabulate the differences between Azure policy and Azure RBAC, include examples.

What are the steps to enforce Azure policy and remediate resources which are not compliant?

How can I get a report of Azure resources with specific tags?