Introduction

To pass the AZ-104 exam, you have to finish several live online lab tests. This article focuses on an exercise about password governance using Azure Policy. We will create and assign a custom initiative to ensure compliance with your organization's password policies.

Azure Policy Overview

Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost management, and overall resource management. For more information, refer to the Azure Policy Overview.

Prerequisite

The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition.

Steps

Step 1: Search for Policy
Use the search bar at the top of the Azure portal to search for "Policy".

Step 2: Click on Definitions
Select "Definitions" from the Policy section.

Step 3: Click on Initiative Definition
Navigate to "Initiative definition."

Step 4: Create Initiative Definition
In the Basics tab:

Name Policy: PasswordGoverning
Select: Use existing -> Guest Configuration

In the Policies tab:

Click "Add policy definition(s)"

Select the policies relevant to password governance

Click "Add"

Click "Review + create"
Click "Create"

Note: The difference between AuditIfNotExists and DeployIfNotExists is significant. The former serves as a warning, while the latter actively triggers remediation tasks.

Step 5: Go to Assignments
Navigate to the "Assignments" section.

Step 6: Assign Initiative
Click "Assign initiative."

In the Basics tab:

Assign the custom policy "PasswordGoverning" to resource group "RGroup1".

For the scope, you can include:

1. Management groups
2. Subscriptions
3. Resource groups
4. Individual resources (using Exclusions)

In the Remediation tab:

You can apply a remediation task once the assignment is complete.

Click "Create a remediation task."

Click "Review + create."

Step 7: Assignment Completed
The assignment process is now complete.

Final Step
Check the status of your remediation task.

Navigate to the "Policy".
Click "Remediation".

Conclusion

In this exercise, we successfully created and assigned an Azure Policy initiative focused on password governance. By leveraging Azure Policy, we can ensure compliance with our organizational standards, enhance security, and maintain resource consistency across our Azure environment. Regular monitoring and remediation tasks will help keep our resources compliant and secure. Good luck with your AZ-104 exam preparation!