| title | description | author | ms.service | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|
Compliance using Azure Policy | Assign built-in policies in Azure Policy to audit compliance of your Azure SignalR Service resources. | vicancy | azure-signalr-service | how-to | 07/18/2022 | lianwei |
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
This article introduces built-in policies (preview) for Azure SignalR Service. Use these policies to audit new and existing SignalR resources for compliance.
There are no charges for using Azure Policy.
The following built-in policy definitions are specific to Azure SignalR Service:
[!INCLUDE azure-policy-reference-policies-signalr]
- Assign policy definitions using the Azure portal, Azure CLI, a Resource Manager template, or the Azure Policy SDKs.
- Scope a policy assignment to a resource group, a subscription, or an Azure management group. SignalR policy assignments apply to existing and new SignalR resources within the scope.
- Enable or disable policy enforcement at any time.
Note
After you assign or update a policy, it takes some time for the assignment to be applied to resources in the defined scope. See information about policy evaluation triggers.
Access compliance information generated by your policy assignments using the Azure portal, Azure command-line tools, or the Azure Policy SDKs. For details, see Get compliance data of Azure resources.
When a resource is non-compliant, there are many possible reasons. To determine the reason or to find the change responsible, see Determine non-compliance.
Select All services, and search for Policy.
Select Compliance.
Use the filters to limit compliance states or to search for policies
Select a policy to review aggregate compliance details and events. If desired, then select a specific SignalR for resource compliance.
You can also use the Azure CLI to get compliance data. For example, use the az policy assignment list command in the CLI to get the policy IDs of the Azure SignalR Service policies that are applied:
az policy assignment list --query "[?contains(displayName,'SignalR')].{name:displayName, ID:id}" --output table Sample output:
Name ID ------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- [Preview]: Azure SignalR Service should use private links /subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.Authorization/policyAssignments/<assignmentId> Then run az policy state list to return the JSON-formatted compliance state for all resources under a specific resource group:
az policy state list --g <resourceGroup> Or run az policy state list to return the JSON-formatted compliance state of a specific SignalR resource:
az policy state list \ --resource /subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/Microsoft.SignalRService/SignalR/<resourceName> \ --namespace Microsoft.SignalRService \ --resource-group <resourceGroup> Learn more about Azure Policy definitions and effects
Create a custom policy definition
Learn more about governance capabilities in Azure
