- Policy definitions are stored in the
policies\definitionsfolder. - Policy initiatives are stored in the
policies\initiativesfolder. - Assignments are stored in the
policies\assignmentsfolder. Policy assignments are an ARM template which also contains an RBAC resource. - There are scripts to deploy the policy definitions and assignments.
- The
globals.jsonfile contains some global settings for deployment.
- Ensure the following software pre-requisites are available
- PowerShell 7
- PowerShell Az Modules
- Bicep
- Fill out the details in the
globals.jsonfile. The top level management group is the group which the policy definitions are deployed. - The policy initiatives need to have the management group name changed. Perform a search and replace on the files in
policies\initiativesfolder and replacecontosowith your management group. - Rename the folder under the
policies\assignmentsto match your management group e.g. rename thecontosofolder. - Run the
deploy-PolicyObjects.ps1script to deploy the policies. Note this may fail the first time due to a delay between the policy being deployed and being available to include in the initiative. If this happens simply run the script again. - Ensure that the details are completed for the parameter files in the
policies\assignmentsfolder. You will need to provide a Log Analytics workspace resource ID's and storage account ID's for NSG flow log policies. Examples are provided to make this policy work in Australia East and Australia Southeast - if other regions are required you will need to modify the initiative and assignment accordingly. - Run the
deploy-policyAssignments.ps1script to deploy the policy assignments.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent