From 07d54f83b6069a644bddeb6ab38c3cfbebe1e3d5 Mon Sep 17 00:00:00 2001 From: staleycyn <45440075+staleycyn@users.noreply.github.com> Date: Fri, 10 May 2024 07:26:33 -0700 Subject: [PATCH] Update LAB_02b-Manage_Governance_via_Azure_Policy.md --- .../Labs/LAB_02b-Manage_Governance_via_Azure_Policy.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Instructions/Labs/LAB_02b-Manage_Governance_via_Azure_Policy.md b/Instructions/Labs/LAB_02b-Manage_Governance_via_Azure_Policy.md index 01a12652..09998a84 100644 --- a/Instructions/Labs/LAB_02b-Manage_Governance_via_Azure_Policy.md +++ b/Instructions/Labs/LAB_02b-Manage_Governance_via_Azure_Policy.md @@ -248,7 +248,7 @@ Copilot can assist you in learning how to use the Azure scripting tools. Copilot ## Learn more with self-paced training + [Design an enterprise governance strategy](https://learn.microsoft.com/training/modules/enterprise-governance/). Use RBAC and Azure Policy to limit access to your Azure solutions, and determine which method is right for your security goals. - + ## Key takeaways Congratulations on completing the lab. Here are the main takeaways for this lab. @@ -257,4 +257,5 @@ Congratulations on completing the lab. Here are the main takeaways for this lab. + Azure Policy establishes conventions for resources. Policy definitions describe resource compliance conditions and the effect to take if a condition is met. A condition compares a resource property field or a value to a required value. There are many built-in policy definitions and you can customize the policies. + The Azure Policy remediation task feature is used to bring resources into compliance based on a definition and assignment. Resources that are non-compliant to a modify or deployIfNotExist definition assignment, can be brought into compliance using a remediation task. + You can configure a resource lock on a subscription, resource group, or resource. The lock can protect a resource from accidental user deletions and modifications. The lock overrides any user permissions. -+ Azure Policy is pre-deployment security practice. RBAC and resource locks are post-deployment security practice. ++ Azure Policy is pre-deployment security practice. RBAC and resource locks are post-deployment security practice. +