Risk Level: Low
Description
Azure Policy assignments are necessary for ensuring the safety of Azure cloud resources. This plugin checks that Azure Policy assignments are configured to keep the Azure cloud safe.
About the Service
Azure Policy:
Azure Policy is a service in Azure that allows you to create policies that enforce and control the properties of a resource. When these policies are used, they enforce different rules and effects over your resources, so those resources stay compliant with your IT governance standards. A security policy defines the set of controls that are recommended for resources within the specified subscription. In Azure Security Center, you define policies for your Azure subscriptions according to your company's security requirements and the type of applications or sensitivity of the data in each subscription.
Impact
In the absence of Azure Policy assignments, cloud resources are vulnerable in terms of safety and security. Therefore, if no policy assignment is present, an issue is raised with a message stating that no policy assignment is configured for the selected Azure subscription. To remediate it, ensure that Azure Policy assignments are configured properly.
Steps to Reproduce
In order to determine if no policy assignments are configured for the selected subscription, follow the steps given below:
Using Azure Console:
- Firstly, sign in to the Azure Management Console with your registered organization email address.
- Under Azure Services, choose Subscriptions.
- A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
- Now, in the Filter Type Box under the All Services, search for Policy.
- Click on the Policy nav link. A policy page in your selected subscription will be displayed on the screen.
- In the left navigation panel, under the Authoring section, click on the Assignments blade.
- A new page with the list of all the Assignments under Azure Policy will appear on the screen.
- In the list, check the Type column. If there is no assignment with Type set to Policy, then the vulnerability exists.
- Repeat the steps above for other Azure Policy assignments in the current subscription as well as for the other subscriptions in your Azure cloud.
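The same check can be scripted rather than clicked through. The following is an added example, not PingSafe's plugin code: it assumes the JSON printed by `az policy assignment list --subscription <id>` has been captured for each subscription, and it also reports assignments whose enforcement is switched off. The subscription IDs, definition IDs and function names are constructed placeholders.

```python
import json

# Constructed sample input: JSON shaped like the output of
# `az policy assignment list`, keyed by placeholder subscription IDs.
POLICY = "/providers/Microsoft.Authorization/policyDefinitions/<definition-guid>"
INITIATIVE = "/providers/Microsoft.Authorization/policySetDefinitions/<set-guid>"
SAMPLE = {
    "00000000-0000-0000-0000-000000000001": json.dumps([
        {"name": "allowed-locations", "policyDefinitionId": POLICY,
         "enforcementMode": "Default"},
        # Nested "properties" form, as returned by the REST API.
        {"name": "baseline-initiative",
         "properties": {"policyDefinitionId": INITIATIVE,
                        "enforcementMode": "DoNotEnforce"}},
    ]),
    "00000000-0000-0000-0000-000000000002": json.dumps([
        {"name": "initiative-only", "policyDefinitionId": INITIATIVE,
         "enforcementMode": "Default"},
    ]),
    "00000000-0000-0000-0000-000000000003": "[]",
}


def field(assignment, key):
    """Read a key from the flattened CLI shape or the nested REST shape."""
    return assignment.get(key) or assignment.get("properties", {}).get(key)


def assignment_type(assignment):
    """Mirror the portal's Type column from the definition resource type."""
    definition_id = (field(assignment, "policyDefinitionId") or "").lower()
    if "/policysetdefinitions/" in definition_id:
        return "Initiative"
    return "Policy" if "/policydefinitions/" in definition_id else "Unknown"


def audit(subscription_id, assignments_json):
    """Flag a subscription that has no assignment of Type 'Policy'."""
    assignments = json.loads(assignments_json)
    policies = [a for a in assignments if assignment_type(a) == "Policy"]
    not_enforced = [a["name"] for a in assignments
                    if field(a, "enforcementMode") == "DoNotEnforce"]
    return {"subscription": subscription_id, "vulnerable": not policies,
            "policy_assignments": len(policies), "not_enforced": not_enforced}


if __name__ == "__main__":
    for sub_id, raw in SAMPLE.items():
        print(audit(sub_id, raw))
```

A subscription that holds only initiative assignments is still flagged, matching the Type column rule in the steps above.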
Steps for Remediation
In order to configure the policy assignments in the selected Azure Subscription, follow the steps given below:
Using Azure Console:
- Firstly, sign in to the Azure Management Console with your registered organization email address.
- Under Azure Services, choose Subscriptions.
- A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
- Now, in the Filter Type Box under the All Services, search for Policy.
- Click on the Policy nav link. A policy page in your selected subscription will be displayed on the screen.
- In the left navigation panel, under the Authoring section, click on the Assignments blade.
- A new page with the list of all the Assignments under Azure Policy will appear on the screen.
- Now, click on the Assign Policy nav link available at the top navigation bar.
- A new Assign Policy page will be displayed. Click on the Basics tab under Assign Policy.
- In the Policy Definition, click on the three dots to view the available definitions.
- On the Available Definitions page, search for the policy definition according to your preference and select it. Now, click on the Select button available at the bottom.
- Assignment Name will automatically be filled with the definition title. However, you may change it according to your preference.
- Click on the Enable option in the policy enforcement.
- Now, click on the Parameters tab under Assign Policy. Under Allowed Locations select the locations according to your preferences and select Next.
- Finally, click on the Review + Create button to create the Assignment Policy. The allowed locations policy is successfully configured for the resource groups.
- Repeat the steps above for other Azure Policy assignments in the current subscription as well as for the other subscriptions in your Azure cloud.
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support