Deploying Azure Policy Definitions to Multiple Subscriptions: Best Practices | Exam AZ-500

Azure Security Center: Centralized Policy Management for Three Subscriptions

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a resource graph and an assignment that is scoped to a management group.

Does this meet the goal?

Answers

Explanations


A. B.

B

Management groups in Microsoft Azure solve the problem of needing to impose governance policy on more than one Azure subscription simultaneously.

However, you need to use an initiative, not a resource graph, to bundle the policy definitions into a group that can be applied to the management group.

https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/
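The initiative-plus-management-group approach described above, as an added Azure CLI example that is not part of the original page. The management group name, initiative name and policy definition IDs are supplied by the caller, and the helper function names and the `DRY_RUN` switch are hypothetical.

```shell
#!/bin/sh
# Added example: bundle policy definitions into an initiative (policy set) and
# assign it once at a management group so every subscription under it inherits it.
# Usage: DRY_RUN=1 sh deploy-initiative.sh <mgName> <initiativeName> <policyDefinitionId>...
# All argument values are supplied by the caller; none come from the page.

# Resource ID of a management group; this is the assignment scope.
mg_scope() {
  printf '/providers/Microsoft.Management/managementGroups/%s' "$1"
}

# Resource ID of an initiative defined at that management group.
initiative_id() {
  printf '%s/providers/Microsoft.Authorization/policySetDefinitions/%s' "$(mg_scope "$1")" "$2"
}

# JSON array for --definitions, one entry per policy definition ID.
# Each ID must be a built-in definition or one defined at this management group or above.
build_definitions() {
  sep=''
  printf '['
  for id in "$@"; do
    printf '%s{"policyDefinitionId":"%s"}' "$sep" "$id"
    sep=','
  done
  printf ']'
}

# Hypothetical helper: print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

deploy() {
  mg=$1; initiative=$2; shift 2
  # 1. Define the initiative at the management group.
  run az policy set-definition create --name "$initiative" \
    --management-group "$mg" --definitions "$(build_definitions "$@")"
  # 2. Assign it at the management group scope.
  run az policy assignment create --name "$initiative" \
    --scope "$(mg_scope "$mg")" \
    --policy-set-definition "$(initiative_id "$mg" "$initiative")"
}

# Deploy only when a management group, a name and at least one definition ID are given.
if [ "$#" -ge 3 ]; then deploy "$@"; fi
```

Running it with `DRY_RUN=1` prints the two `az` commands so the scope and initiative ID can be reviewed before anything is created.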

Yes, the proposed solution meets the goal of deploying policy definitions as a group to all three subscriptions.

Azure Security Center (ASC) is a unified security management system that provides advanced threat protection across hybrid cloud workloads. ASC provides security recommendations based on best practices, and it also provides several built-in and custom policy definitions to help you assess the compliance of your Azure resources against industry standards and regulations.

One of the features of Azure Policy is the ability to create policy sets, which are groups of policies that are evaluated together as a single unit. Policy sets help to simplify policy management by enabling you to deploy multiple policies at once. When you deploy a policy set, all the policies within the set are evaluated together, and the compliance status of each policy is reported individually.

To deploy the policy definitions as a group to all three subscriptions, the proposed solution suggests creating a resource graph and an assignment that is scoped to a management group. Resource Graph is a powerful tool that enables you to query your Azure resources using Azure Resource Manager (ARM) templates syntax. It allows you to collect information about your resources and perform complex queries across your subscriptions and management groups.

When you create a policy assignment, you can use Resource Graph to target a set of resources across your subscriptions and management groups. You can also use Resource Graph queries to create dynamic groups, which are sets of resources that share common characteristics. By creating a policy assignment that is scoped to a management group, the policy set is deployed to all the subscriptions that are under that management group. This approach saves time and ensures consistency in policy enforcement across all subscriptions.

In summary, the proposed solution of creating a resource graph and an assignment that is scoped to a management group is an effective way to deploy policy definitions as a group to all three Azure subscriptions.