Azurecloud~30 mins

Policy assignments and compliance in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Azure Policy Assignments and Compliance

📖 Scenario: You are working as a cloud administrator for a company that wants to enforce rules on their Azure resources. You will create a policy assignment to ensure all storage accounts have secure transfer enabled. Then, you will check the compliance state of this policy assignment.

🎯 Goal: Build an Azure policy assignment for secure transfer on storage accounts and retrieve its compliance state.

📋 What You'll Learn

Create a policy assignment named secureTransferAssignment for the built-in policy definition Storage accounts should enable secure transfer.

Assign the policy to the resource group myResourceGroup.

Retrieve the compliance state of the policy assignment.

💡 Why This Matters

🌍 Real World

Companies use Azure Policy assignments to enforce rules and standards on their cloud resources automatically.

💼 Career

Cloud administrators and engineers must create and manage policy assignments to ensure compliance and governance in Azure environments.

Progress0 / 4 steps

Create the policy assignment JSON structure

Create a JSON object called policyAssignment with the following keys and values: name set to secureTransferAssignment, scope set to /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup, and policyDefinitionId set to /providers/Microsoft.Authorization/policyDefinitions/StorageAccountsShouldEnableSecureTransfer.

Azure

# Your code here to create the policyAssignment JSON object

Need a hint?

Use a Python dictionary to create the JSON structure with exact keys and values.

Add a location property to the policy assignment

Add a key location with the value eastus to the existing policyAssignment dictionary.

Azure

policyAssignment = {
    "name": "secureTransferAssignment",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/StorageAccountsShouldEnableSecureTransfer"
}
# Add the location key with value 'eastus' to policyAssignment

Need a hint?

Add the location key inside the policyAssignment dictionary with the exact value eastus.

Create a compliance state retrieval structure

Create a dictionary called complianceQuery with the key policyAssignmentName set to secureTransferAssignment and the key resourceGroup set to myResourceGroup.

Azure

policyAssignment = {
    "name": "secureTransferAssignment",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/StorageAccountsShouldEnableSecureTransfer",
    "location": "eastus"
}
# Create complianceQuery dictionary with policyAssignmentName and resourceGroup keys

Need a hint?

Use a dictionary with the exact keys and values to represent the compliance query.

Add a filter for compliance state 'NonCompliant'

Add a key filter with the value complianceState eq 'NonCompliant' to the complianceQuery dictionary.

Azure

policyAssignment = {
    "name": "secureTransferAssignment",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup",
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/StorageAccountsShouldEnableSecureTransfer",
    "location": "eastus"
}

complianceQuery = {
    "policyAssignmentName": "secureTransferAssignment",
    "resourceGroup": "myResourceGroup"
}
# Add filter key with value "complianceState eq 'NonCompliant'" to complianceQuery

Need a hint?

Add the filter key with the exact string value to the complianceQuery dictionary.