From faecb67985712ec658a1cc6b7fe87eda4d489af8 Mon Sep 17 00:00:00 2001
From: staleycyn <45440075+staleycyn@users.noreply.github.com>
Date: Wed, 7 Jun 2023 06:39:48 -0700
Subject: [PATCH] Add files via upload

---
 ... - Administer Governance and Compliance.md | 138 ++++++++++++++++++
 1 file changed, 138 insertions(+)
 create mode 100644 Instructions/Demos/02 - Administer Governance and Compliance.md

diff --git a/Instructions/Demos/02 - Administer Governance and Compliance.md b/Instructions/Demos/02 - Administer Governance and Compliance.md
new file mode 100644
index 00000000..09ffca4c
--- /dev/null
+++ b/Instructions/Demos/02 - Administer Governance and Compliance.md	
@@ -0,0 +1,138 @@
+---
+
+demo:
+    title: 'Demonstration: Administer Governance and Compliance'
+    module: 'Administer Governance and Compliance'
+---
+
+# 02 - Administer Governance and Compliance
+
+## Configure Subscriptions
+
+This area does not have a formal demonstration. Consider this Quickstart.
+
+[Create an additional Azure subscription](https://docs.microsoft.com/azure/cost-management-billing/manage/create-subscription)
+
+## Configure Azure Policy
+
+In this demonstration, we will work with Azure policies.
+
+[Tutorial: Build policies to enforce compliance - Azure Policy](https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage)
+
+**Assign a policy**
+
+1.  Access the Azure portal.
+
+2.  Search for and select **Policy**.
+
+3.  Select **Assignments** on the left side of the Azure Policy page.
+
+4.  Select **Assign Policy** from the top of the Policy - Assignments page.
+
+5.  Notice the **Scope** which determines what resources or grouping of resources the policy assignment is enforced on.
+
+6.  Select the **Policy definition ellipsis** to open the list of available definitions. Take some time to review the built-in policy definitions.
+
+7.  Search for and select **Allowed locations**. This policy enables you to restrict the locations your organization can specify when deploying resources.
+
+8.  Move the **Parameters** tab and using the drop-down select one or more allowed locations.
+
+9.  Click **Review + create** and then **Create** to create the policy.
+
+**Create and assign an initiative definition**
+
+1.  Return to the Azure Policy page and select **Definitions** under Authoring.
+
+2.  Select **Initiative Definition** at the top of the page.
+
+3.  Provide a **Name** and **Description**.
+
+4.  **Create new** Category.
+
+5.  From the right panel **Add** the **Allowed locations** policy.
+
+6.  Add one additional policy of your choosing.
+
+7.  **Save** your changes and then **Assign** your initiative definition to your subscription.
+
+**Check for compliance**
+
+1.  Return to the Azure Policy service page.
+
+2.  Select **Compliance**.
+
+3.  Review the status of your policy and your definition.
+
+**Check for remediation tasks**
+
+1.  Return to the Azure Policy service page.
+
+2.  Select **Remediation**.
+
+3.  Review any remediation tasks that are listed.
+
+**Remove your policy and initiative (optional)**
+
+1.  Return to the Azure Policy service page.
+
+2.  Select **Assignments**.
+
+3.  Select your **Allowed locations** policy.
+
+4.  Click **Delete assignment**.
+
+5.  Return to the Azure Policy service page.
+
+6.  Select **Initiatives**.
+
+7.  Select your new initiative.
+
+8.  Click **Delete initiative**.
+
+## Configure Role-Based Access Control
+
+In this demonstration, we will learn about role assignments.
+
+[Tutorial: Grant a user access to Azure resources using the Azure portal - Azure RBAC](https://docs.microsoft.com/azure/role-based-access-control/quickstart-assign-role-user-portal)
+
+[Quickstart - Check access for a user to Azure resources - Azure RBAC](https://docs.microsoft.com/azure/role-based-access-control/check-access)
+
+**Locate Access Control blade**
+
+1.  Access the Azure portal and select a resource group. Make a note of what resource group you use.
+
+2.  Select the **Access Control (IAM)** blade.
+
+3.  This blade will be available for many different resources so you can control permissions.
+
+**Review role permissions**
+
+1.  Select the **Roles** tab (top).
+
+2.  Review the large number of built-in roles that are available.
+
+3.  Double-click a role, and then select **Permissions** (top).
+
+4.  Continue drilling into the role until you can view the **Read, Write, and Delete** actions for that role.
+
+5.  Return to the **Access Control (IAM)** blade.
+
+**Add a role assignment**
+
+1.  Create a user.
+
+2.  Select **Add role assignment**.
+
+    -   **Role**: *Owner*
+
+    -   **Select**: *Managers*
+
+    -   **Save** your changes.
+
+3.  Select **Check access**.
+
+4.  Select the user.
+
+5.  Notice the user is part of the **Managers** group and is an **Owner**.
+
+6.  Notice that you can **Deny assignments**.
\ No newline at end of file