This Policy Template will provide a report for the various Regulatory Compliance controls and compliance scores for each Azure Subscription. Optionally, the policy will generate an email notification of this report.
- The policy uses the
Microsoft.Security/regulatoryComplianceStandardsendpoint of the Azure Resource Manager API to get a list of all regulatory compliance standards details and state. - The policy then calculates the compliance score as a percentage with the following formula:
passedControls / (failedControls + skippedControls + passedControls)
- Email Addresses - Email addresses of the recipients you wish to notify when new incidents are created.
- Azure Endpoint - The endpoint to send Azure API requests to. Recommended to leave this at default unless using this policy with Azure China.
- Allow/Deny Subscriptions - Determines whether the Allow/Deny Subscriptions List parameter functions as an allow list (only providing results for the listed subscriptions) or a deny list (providing results for all subscriptions except for the listed subscriptions).
- Allow/Deny Subscriptions List - A list of allowed or denied Subscription IDs/names. If empty, no filtering will occur and recommendations will be produced for all subscriptions.
- Sends an email notification
This Policy Template uses Credentials for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s).
-
Azure Resource Manager Credential (provider=azure_rm) which has the following permissions:
Microsoft.Security/regulatoryComplianceStandards/read
-
Flexera Credential (provider=flexera) which has the following roles:
billing_center_viewer
The Provider-Specific Credentials page in the docs has detailed instructions for setting up Credentials for the most common providers.
- Azure
This policy template does not incur any cloud costs.