
AZ-500: Ensuring Compliance with Azure Security Center: Listing Noncompliant Resources

Learn how to list noncompliant Azure resources in the Azure Security Center dashboard. Follow a step-by-step guide to achieve compliance and bolster your Azure security.

Question

You have an Azure subscription named Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings:

  • Definition location: Tenant Root Group
  • Category: Monitoring

You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.
What should you do first?

A. Change the Category of Policy1 to Security Center.
B. Add Policy1 to a custom initiative.
C. Change the Definition location of Policy1 to Sub1.
D. Assign Policy1 to Sub1.

Answer

D. Assign Policy1 to Sub1.

Explanation

The correct answer is D. Assign Policy1 to Sub1.

To ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard, you need to assign Policy1 to Sub1. A policy assignment is the application of a policy definition to a scope, such as a subscription or a resource group. A policy assignment determines how the policy definition affects the resources within the scope. When you assign a policy definition to a scope, Azure Policy evaluates the resources for compliance and generates compliance reports.

Azure Security Center is a service that provides unified security management and advanced threat protection for your cloud resources. Azure Security Center monitors the compliance state of your resources based on the policy definitions that are assigned to your subscriptions. Azure Security Center also provides recommendations and alerts for improving your security posture and mitigating potential threats.

By default, Azure Security Center assigns a built-in initiative named [ASC Default] (Subscription: {subscription name}) to each subscription that is registered with Security Center. This initiative contains several policy definitions that are related to security and compliance best practices, such as enabling encryption, auditing, and monitoring. You can view the compliance state of your resources based on this initiative in the Security Center dashboard.

However, if you want to monitor the compliance state of your resources based on a custom policy definition, such as Policy1, you need to assign it to your subscription. This way, Azure Security Center can evaluate your resources against Policy1 and list the noncompliant resources in the Security Center dashboard. You can also use the Compliance blade in Security Center to view the details of your policy assignments and compliance reports.

Therefore, to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard, you should first assign Policy1 to Sub1.
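The assignment step described above, as an added Azure CLI example that is not part of the original question. The `assign-Policy1` assignment name, the `ROOT_MG_ID` and `SUB_ID` variables, and the function names are assumptions; the script only calls Azure when both IDs are supplied.

```shell
#!/usr/bin/env bash
# Added example: assign a policy definition stored at the Tenant Root Group
# to a subscription, then list resources that are noncompliant with it.
# All IDs are placeholders; the "assign-<name>" assignment name is an assumption.

AZ="${AZ:-az}"   # overridable so the commands can be previewed with AZ=echo

# Resource ID of a custom definition stored at a management group.
# For the Tenant Root Group, the management group ID defaults to the tenant ID.
policy_definition_id() {  # $1 = management group ID, $2 = definition name
  printf '/providers/Microsoft.Management/managementGroups/%s/providers/Microsoft.Authorization/policyDefinitions/%s\n' "$1" "$2"
}

subscription_scope() {    # $1 = subscription ID
  printf '/subscriptions/%s\n' "$1"
}

# Create the assignment: without it, the definition is never evaluated in Sub1.
assign_policy() {         # $1 = mg ID, $2 = definition name, $3 = subscription ID
  "$AZ" policy assignment create \
    --name "assign-$2" \
    --policy "$(policy_definition_id "$1" "$2")" \
    --scope "$(subscription_scope "$3")"
}

# List the resource IDs that the assignment currently marks NonCompliant.
list_noncompliant() {     # $1 = definition name, $2 = subscription ID
  "$AZ" policy state list \
    --subscription "$2" \
    --policy-assignment "assign-$1" \
    --filter "complianceState eq 'NonCompliant'" \
    --query "[].resourceId" --output tsv
}

# Runs only when both IDs are supplied, e.g.
#   ROOT_MG_ID=<tenant-id> SUB_ID=<subscription-id> bash assign_policy1.sh
if [ -n "${ROOT_MG_ID:-}" ] && [ -n "${SUB_ID:-}" ]; then
  assign_policy "$ROOT_MG_ID" Policy1 "$SUB_ID"
  # Start an evaluation now instead of waiting for the next scheduled scan.
  "$AZ" policy state trigger-scan --subscription "$SUB_ID"
  list_noncompliant Policy1 "$SUB_ID"
fi
```

Setting `AZ=echo` prints the composed commands without contacting Azure, which is useful for reviewing the scope and definition ID before the assignment is created.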
