Comments (9)
@maheswara321 - Have you tried creating a new subnet? Does the policy add the NSG? Just to make sure the policy is assigned to the right scope. Also, did you try to trigger an on-demand evaluation scan to speed up populating the compliance results? (See: Get compliance data of Azure resources.)
from community-policy.
Hi Fabian,
Thank you so much for your prompt response.
I have just created a new vnet, and in it I had a new default subnet that has no NSG. I also have existing vnets with subnets that don't have an NSG at all in subscriptions, but in both cases the policy doesn't identify them as non-compliant, and it is reflecting the status as 100% compliant.
Below is the vnet with subnet that doesn't have any NSG.
It is reflecting as 100% compliance as shown below.
Please help me know, am I passing the parameters wrong? I have tried both ways, giving a new resource group name and new NSG name, and also the resource group of the vnet that already exists and its location, but it doesn't work either way.
I am also wondering if there is any deployIfNotExists policy available for this if it doesn't work like this.
Kindly respond on this Fab.
Thank you very much for your support.
Kind regards,
Mahes.
@maheswara321 - Just did some testing. Seems like the policy does not work anymore. Sorry for the inconvenience. Probably, you want to look for another policy, which can assign NSGs to your subnet.
Hello @fawohlsc,
Thanks for your response.
Can you please suggest the working one?
Thank you.
Hi @fawohlsc,
May I have any response please?
Thank you.
@maheswara321 - May I ask you to contribute to this repository by fixing the policy modify-subnet-nsg?
I believe it's a good starting point and I am missing the bandwidth to fix it myself at the moment.
Many thanks.
Hi @fawohlsc,
Thanks for responding back.
I am happy to work on these; however, I am completely occupied with Info sec work right now. Also, these are completely new for us as SOC analysts, and that's where we were looking for help.
Thanks for understanding.
@maheswara321 - I fully understand 👍
John Savill has produced some great deep-dive videos around Azure Policy:
Anatomy of Azure Policy
Azure Policy Remediation Deep Dive
Hope they help you on your Azure governance journey!
Cleaning up old issues (closing)