Using Azure Policies to Monitor Compliance
Monitoring Azure resources in Kion gives you visibility into detailed finding information, including the region, resource group, policy information, and more. You can also view your Azure policy compliance findings alongside your Cloud Custodian findings, so you can view compliance across policy types and cloud providers.
In Kion, Azure policy definitions have two primary uses: enforcement rules and compliance monitoring. Our Azure Policies Guide covers the creation and use of policies to enforce rules for your Azure resources.
When using Azure policies for compliance, you can use an Azure-specific language to create customizable compliance checks for Azure resources. You can also leverage code you already have in your Azure portal for auditing and easily import Azure's built-in policies.
If you are building new compliance policies, Cloud Custodian policies work with multiple cloud providers and include support for automatic remediation. Azure policies do not. If you use multiple cloud providers, using Cloud Custodian may reduce the number of policies you need to write. For more information, see Writing Cloud Custodian Compliance Policies.
Writing Azure Policy JSON
The policy below monitors for the creation of non-HIPAA-compliant services. You can use this example as a guideline to write your Azure policies for compliance. Simply change the policy parameters and rules/conditions to suit your needs. When writing your own policies, see Microsoft's article Azure Policy Definition Structure to make sure the properties and values you use are supported.
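The following definition is an added example, not Kion's own policy or one from Microsoft's built-in set. It uses the `audit` effect so that any resource whose type is outside an approved list is reported as non-compliant rather than blocked. The display name, the parameter name `allowedResourceTypes`, and the resource types in `defaultValue` are constructed placeholders, not a statement of which Azure services are HIPAA eligible.

```json
{
  "properties": {
    "displayName": "Audit resource types outside the approved HIPAA list (example)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Example only. Flags any resource whose type is not in allowedResourceTypes. Replace the default list with the services your organization has approved.",
    "parameters": {
      "allowedResourceTypes": {
        "type": "Array",
        "metadata": {
          "displayName": "Approved resource types",
          "description": "Placeholder list for illustration; not an authoritative HIPAA eligibility list.",
          "strongType": "resourceTypes"
        },
        "defaultValue": [
          "Microsoft.Compute/virtualMachines",
          "Microsoft.Storage/storageAccounts",
          "Microsoft.Sql/servers"
        ]
      }
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "type",
          "in": "[parameters('allowedResourceTypes')]"
        }
      },
      "then": {
        "effect": "audit"
      }
    }
  }
}
```

Because the effect is `audit`, resources of other types can still be created; they appear as compliance findings instead of being denied at deployment.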
For more example policies, see Microsoft's article Azure Policy Samples.
Applying Azure Policies through Kion
- Add an Azure policy definition to Kion. Choose one or both of the following:
  - Create a new policy using the above information and the information in Azure Policies Guide.
  - Import Azure's built-in policies (Built-In Azure Policy Definitions) or import Kion-managed resources (Managed Resources & Compliance Jumpstarts) that contain Azure policy checks.
- Add the Azure policy to the compliance check. Compliance checks contain the definitions (here, Azure policies) that findings are based on. For more information, see Add a Compliance Check.
- Use compliance standards and cloud rules to apply the check to resources. For more information, see Applying Compliance Checks and Standards.