Enterprise-Scale icon indicating copy to clipboard operation
Enterprise-Scale copied to clipboard

Published 20 hours ago β€’ verified publisher icon Azure

Policy Doc Updates

Open SharmainePopov opened this issue 3 years ago β€’ 7 comments
trafficstars

I'd like to see a starter pack for Azure Policy that mirrors what is achieved with the automated ALZ deployment. Something the client can access without cruising a repo or deploying a full ALZ. Many client resources dealing with this aren't developers. Also consistency across LZ deployment options (arm blue button, terraform, bicep, pub sec etc.), not sure we get the same set from each deployment.

SharmainePopov avatar Sep 06 '22 17:09 SharmainePopov

Hey @SharmainePopov,

We do have consistency between all ALZ implementation options as the source of truth are the policies in this repo, and we pull them from here into Terraform & Bicep implementations respectively πŸ‘

We can certainly add a link from this page https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md to the ALZ-Bicep Custom Policy Definitions module: https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions as this just allows all the policy definitions from ALZ to be deployed to any Management Group, that can then be used and assigned anywhere as that customer desires.

Does that sound like a good plan?

Let us know and we can action πŸ‘

Thanks

Jack

jtracey93 avatar Sep 06 '22 17:09 jtracey93

Hi That’s good info. I think the clients need something referenced outside the code base, to be honest. It would be great to see it in the ALZ doc set for lay (non coder) people. At least a summary of what could be done and where to go to find out how.

Sharmaine Popov Cloud Solution Architect |Microsoft Canada Inc. | @.@.> | 416-799-0807

From: Jack Tracey @.> Sent: Tuesday, September 6, 2022 1:31 PM To: Azure/Enterprise-Scale @.> Cc: Sharmaine Popov @.>; Mention @.> Subject: Re: [Azure/Enterprise-Scale] Policy (Issue #1035)

Hey @SharmainePopovhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSharmainePopov&data=05%7C01%7CSharmaine.Popov%40microsoft.com%7C055cf72088934b6315ff08da902d8b29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637980822532197678%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=o7yFfm0DMcubvoa6%2BodbwTqSW39tcR3fQhIFWhjGRx4%3D&reserved=0,

We do have consistency between all ALZ implementation options as the source of truth are the policies in this repo, and we pull them from here into Terraform & Bicep implementations respectively πŸ‘

We can certainly add a link from this page https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.mdhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2FESLZ-Policies.md&data=05%7C01%7CSharmaine.Popov%40microsoft.com%7C055cf72088934b6315ff08da902d8b29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637980822532197678%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=VjKIPmf16cEp%2BmToRxHZ9HOkViLJP7cPsQ4wJQM2yaE%3D&reserved=0 to the ALZ-Bicep Custom Policy Definitions module: https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitionshttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FALZ-Bicep%2Ftree%2Fmain%2Finfra-as-code%2Fbicep%2Fmodules%2Fpolicy%2Fdefinitions&data=05%7C01%7CSharmaine.Popov%40microsoft.com%7C055cf72088934b6315ff08da902d8b29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637980822532197678%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=x5w8E4etydZj7pEnAlSJfiEcW2Tt89xs35orbcAPcn8%3D&reserved=0 as this just allows all the policy definitions from ALZ to be deployed to any Management Group, that can then be used and assigned anywhere as that customer desires.

Does that sound like a good plan?

Let us know and we can action πŸ‘

Thanks

Jack

β€” Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fissues%2F1035%23issuecomment-1238455712&data=05%7C01%7CSharmaine.Popov%40microsoft.com%7C055cf72088934b6315ff08da902d8b29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637980822532197678%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mbNsiO7NGhdDCnG7ooEYiqGdOz%2FOio%2B4BIK6%2BmGEa%2B8%3D&reserved=0, or unsubscribehttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAIIVNWRD7FOZC3LYDY6KPJDV455UVANCNFSM6AAAAAAQGAXGBI&data=05%7C01%7CSharmaine.Popov%40microsoft.com%7C055cf72088934b6315ff08da902d8b29%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637980822532353464%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Kh1o8Ps07GkdnaiHVIr%2FHDMozleTemq%2B9XjFptWRSzc%3D&reserved=0. You are receiving this because you were mentioned.Message ID: @.@.>>

SharmainePopov avatar Sep 06 '22 19:09 SharmainePopov

Trigger ADO Sync 1

jtracey93 avatar Sep 11 '22 07:09 jtracey93

Trigger ADO Sync 2

jtracey93 avatar Sep 11 '22 07:09 jtracey93

Trigger ADO Sync - Re-assigning to @{assignees=System.Object[]; url=https://github.com/Azure/Enterprise-Scale/issues/1035}.assignees[0].login to Ensure ADO Sync Assignee Take Place

jtracey93 avatar Sep 11 '22 09:09 jtracey93

Trigger ADO Sync - Re-assigning to jtracey93 to Ensure ADO Sync Assignee Take Place

jtracey93 avatar Sep 11 '22 09:09 jtracey93

Trigger ADO Sync - Re-assigning to jtracey93 to Ensure ADO Sync Assignee Take Place

jtracey93 avatar Sep 11 '22 09:09 jtracey93