more azure

Azure Initiative.md

@@ -0,0 +1,62 @@
+To assign multiple polices at once we can use Initiative.
+
+In [[Azure Policy]], navigate to the Definitions and select initiative definition:
+
+![[Pasted image 20240715112425.png]]
+
+Select the location, name, and create a new category for the initiative:
+
+![[Pasted image 20240715112249.png]]
+
+
+For this example we will add four policies:
+```
+Require a tag and its value on resources
+Allowed virtual machine size SKUs
+Allowed resource types
+Inherit a tag from the resource group
+```
+
+![[Pasted image 20240715114857.png]]
+
+In the Groups section, create two groups:
+
+![[Pasted image 20240715115246.png]]
+
+Go back into the Policies sections and at the three dots select edit groups and assign the policies to the correct group:
+
+![[Pasted image 20240715115421.png]]
+
+In the Policy parameters, assign the values required for the initiative. ie. virtualMachines, staticSites, and storageAccounts:
+
+![[Pasted image 20240715123209.png]]
+
+Once done, Review and Create the initiative.
+
+Navigate back to the Definitions blade in [[Azure Policy]]. It will take a while to load:
+
+![[Pasted image 20240715123622.png]]
+
+Click on the Initiative and select the Assign initiative button:
+
+![[Pasted image 20240715125238.png]]
+
+Select the scope of the initiative and Create:
+
+![[Pasted image 20240715125909.png]]
+
+As we can see here, there is one policy that is showing non compliant:
+
+![[Pasted image 20240716090518.png]]
+
+The resources in the resource group is missing a tag so we can add it to the resources to remain compliant:
+
+![[Pasted image 20240716090702.png]]
+
+After a while, we can see the Initiative now shows everything as compliant:
+
+![[Pasted image 20240716131956.png]]
+
+We can also see the initiative in action when attempting to create a Log Analytics Workspace:
+
+![[Pasted image 20240716091238.png]]

content/2 Azure Services/Azure Policy.md

@@ -0,0 +1,31 @@
+Policies allow administrators to forbid the creation of resources or remain compliant with certain regulations.
+
+If you want to assign multiple policies check out [[Azure Initiative]]
+Navigate to Azure Policy and under Definitions:
+
+![[Pasted image 20240715093310.png]]
+
+For this example, we will be using the 'Allowed locations':
+
+![[Pasted image 20240715093354.png]]
+
+Select 'Assign policy':
+
+![[Pasted image 20240715093520.png]]
+
+Select the scope and optionally add exclusions to the policy if you need to:
+
+![[Pasted image 20240715094145.png]]
+
+In the Parameters tab, select the location where you will allow resources to be created:
+
+![[Pasted image 20240715095631.png]]
+
+Select create and now the policy has been assigned. 
+
+If we try to create a resource outside of West US, we are denied:
+
+![[Pasted image 20240715100106.png]]
+
+
+

content/2 Azure Services/Azure Resource Locks.md

@@ -0,0 +1,23 @@
+We can prevent accidental changes to resources by placing a resource locks. 
+
+There are two types of locks, Delete and Read-Only.
+
+## Delete Lock
+Navigate to the resource you want to place a lock on and under the Settings, click on the Locks blade and click on the Add button:
+
+![[Pasted image 20240716133402.png]]
+
+Give it a name and specify the lock type, you can add additional notes if you'd like:
+
+![[Pasted image 20240716133126.png]]
+
+Once you hit OK, you will now have a delete lock, this will prevent users from deleting the resource but can still change configurations.
+
+## Read-Only
+
+We will repeat the steps above and change the lock type to Read-only:
+
+![[Pasted image 20240716133625.png]]
+
+Now users can only view the resource without making any changes. 
+