This area does not have a formal demonstration. Consider this Quickstart.
[Create an additional Azure subscription](https://docs.microsoft.com/azure/cost-management-billing/manage/create-subscription)
## Configure Azure Policy
In this demonstration, we will work with Azure policies.
[Tutorial: Build policies to enforce compliance - Azure Policy](https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage)
**Assign a policy**
1. Access the Azure portal.
2. Search for and select**Policy**.
3. Select**Assignments**on the left side of the Azure Policy page.
4. Select**Assign Policy**from the top of the Policy - Assignments page.
5. Notice the**Scope**which determines what resources or grouping of resources the policy assignment is enforced on.
6. Select the**Policy definition ellipsis**to open the list of available definitions. Take some time to review the built-in policy definitions.
7. Search for and select**Allowed locations**. This policy enables you to restrict the locations your organization can specify when deploying resources.
8. Move the**Parameters**tab and using the drop-down select one or more allowed locations.
9. Click**Review + create**and then**Create**to create the policy.
**Create and assign an initiative definition**
1. Return to the Azure Policy page and select**Definitions**under Authoring.
2. Select**Initiative Definition**at the top of the page.
3. Provide a**Name**and**Description**.
4.**Create new**Category.
5. From the right panel**Add**the**Allowed locations**policy.
6. Add one additional policy of your choosing.
7.**Save**your changes and then**Assign**your initiative definition to your subscription.
**Check for compliance**
1. Return to the Azure Policy service page.
2. Select**Compliance**.
3. Review the status of your policy and your definition.
**Check for remediation tasks**
1. Return to the Azure Policy service page.
2. Select**Remediation**.
3. Review any remediation tasks that are listed.
**Remove your policy and initiative (optional)**
1. Return to the Azure Policy service page.
2. Select**Assignments**.
3. Select your**Allowed locations**policy.
4. Click**Delete assignment**.
5. Return to the Azure Policy service page.
6. Select**Initiatives**.
7. Select your new initiative.
8. Click**Delete initiative**.
## Configure Role-Based Access Control
In this demonstration, we will learn about role assignments.
[Tutorial: Grant a user access to Azure resources using the Azure portal - Azure RBAC](https://docs.microsoft.com/azure/role-based-access-control/quickstart-assign-role-user-portal)
[Quickstart - Check access for a user to Azure resources - Azure RBAC](https://docs.microsoft.com/azure/role-based-access-control/check-access)
**Locate Access Control blade**
1. Access the Azure portal and select a resource group. Make a note of what resource group you use.
2. Select the**Access Control (IAM)**blade.
3. This blade will be available for many different resources so you can control permissions.
**Review role permissions**
1. Select the**Roles**tab (top).
2. Review the large number of built-in roles that are available.
3. Double-click a role, and then select**Permissions**(top).
4. Continue drilling into the role until you can view the**Read, Write, and Delete**actions for that role.
5. Return to the**Access Control (IAM)**blade.
**Add a role assignment**
1. Create a user.
2. Select**Add role assignment**.
-**Role**:*Owner*
-**Select**:*Managers*
-**Save**your changes.
3. Select**Check access**.
4. Select the user.
5. Notice the user is part of the **Managers** group and is an **Owner**.
