 Hi there, and welcome to another edition of Tuesdays with Corey. Today, I'm going to show you the new policy experience in Azure. Now, policy is so important to be able to configure and manage your environment. So if you want to lock down your environment, say that these guys, let's say, you don't trust Rick like I don't trust Rick, and you want to make sure that he can only do specific things in his environment versus the other environments where maybe you give access to me or someone else, you trust a lot, you can then go give access and control that down. But maybe you want to do policy to entire environments. Good example, if you're connecting back to an on-premises environment and you're saying, look, I need to live up to a specific set of security, whether it's my own defined security or whether it's compliance rules, ISO 27001, whatever it may be, you can now implement a policy or a set of policies that will then lock down your environment and enable you to secure your system in the way that you want to. So the nice thing is that with Azure, with this new experience, you can create these policies, you can put them into groups of policies called initiatives, and you can either audit them or you can actually block based on them. So the nice thing is you can audit them for a period of time and see who's breaking the rules or who's doing things and understand why, and then you can flip it on and say, no, no, no, I'm going to block it. So the nice thing is you can go in here, you can do this for all new deployments and subscription, and you can sign up to try this out on existing ones as well, which will basically suck up all your existing instances too, and apply policy there as you see fit. So I'm going to show you here what I've got here right here in the portal experience and show you a little bit of what this means. 
So you see here I've got, I'm going to jump right in, I've got a set of policies deployed, I've got a couple initiatives and you can see 21 out of 31 of my initiatives are not compliant. So right here at the top, I can see this view and I can understand what problems that I have. So let me zoom in here and you can see down here, there's a few that are around cost management, there are a few that are around security, there are a few that are auditing, right? And so if I go down here and let's pick one that I particularly like here, let's go to the security for ExpressRoute. So this is, look, this is connecting into my on-premise environment. So this is important that I get this right, and it lets me see what's not compliant here. So this is an initiative that consists of 11 different compliance rules. Okay, and so if I zoom over here and show you what these look like, they include things like, you cannot have a user-defined route on a subnet. Great. Firewall IP filtering has to be enabled. Network security groups must restrict traffic to local subnet so you can't actually be talking out to the internet. Firewall must be applied, NICs must have IP forwarding enabled so that you can make sure intrusion detection is turned on. These sorts of things that allow you to control your environment, right? Only internal load balancers used. And then here's an important one, public IP addresses cannot be used. So this makes sure that these virtual machines are shielded from the public and make sure that they're deployed in this secure way. And you can see here, that is the one that is not compliant. And I have 73 non-compliant resources. And so I can zoom in here and take a look at what this looks like. I can take a look at the instances that are not compliant. And I can zoom into what that looks like and explicitly what resources that looks like. And so this allows me to go see what rules I'm breaking and allows me to go in and make the changes and make the fixes. 
And so this is a really exciting thing. And so this here, you can see these IP addresses. This allows me to now go fix that problem. Now, if I wanna go show you a little bit of what this even looks like, if I go in here and go into assignments, and I'm actually authoring this instead of just applying it and reviewing it, I can go in here and take a look and show you. So here is ExpressRoute security. And let me actually click in here. And this has got nine policies. So let me actually view that definition, okay? And so if I click in here and show you what that looks like, this will let me see the definition of this specific initiative. So here you can see I've got the set and they're all listed as audit, right? And so here are some other examples, only resource types of Microsoft.Network. No user-defined route on any subnet. So again, similar ones that you just saw. But here's what's great. I can now go in and actually say, I'm going to go assign this additional rules and regulations here, right? And so let's go in here and say as part of this, I want to assign this to a specific deployment that I've got, or I want to assign it to a specific resource group that I've got. This will allow me to take this initiative and apply it. So let me go back here and show you what this actually looks like to create. Super easy, if I want to go in here and say, look, I want to go actually assign a policy here, or assign an initiative. Let's go assign a policy, click on this here, and that will take me in and allow me to go see the different policies that I have to choose from. So this is what's cool. Let me show you some of these built-in ones. You can now go define your own, right? You can go build out the template to go define your own, but we've tried to go give you a set of some pre-built ones that will allow you to do this in a really easy way. And you can see actually 190 of these and some of these actually we built here in this account. 
So audit VMs that don't use managed disks, enforce tags and its value, so you can actually enforce a specific tag is applied to anything deployed. You can actually apply a tag and give a default value to it. Things like versioning, SQL Server version 12.0, blob encryption, make sure that you've got blob encryption turned on, make sure you've got only specific SKUs that you're using. And so you can see like all sorts of different rules and regulations based on your policies and your controls, super easy to set up, really easy UX, apply that, build that, launch that, put it into your environments and you've got now policy and controls like you've never had before. You can now control your environment in ways that before would have been really, really hard to do with just a few flips. And then suddenly your teams can go off and do whatever they want. And yet they're still controlled by your rules, your governance, your expectations. So very, very cool. You can do this at the subscription level. You can do it at the management group level, which is our new construct that has multiple subscriptions tied in. And it allows you to manage these in a really, really easy way. So with that, I hope you have fun with policy. It's surprising how much fun policy can be. And I hope you have a good time. Give us some feedback. Let us know what's missing. What else can we do? We're looking to make policy super, super powerful on the platform. So let us know, hit me up with questions, comments, feedback, whatever, hashtag Azure TWC. And with that, go get some policy on, you know what I mean? I don't know, I don't know what I mean sometimes. But that time, I didn't know what I mean. You should go play with this Azure Policy Center. So with that, aka.ms slash get policy and go get some. See ya. Three, two, one. Gabe's here with me too. All right.