04/25/2024

Implementing Initiatives – Compliance and Cloud Governance

Implementing Initiatives – Compliance and Cloud Governance

Using initiatives, you can chain or combine multiple policies, assign them on a scope, and manage them without hassle. Like policies, you can use the built-in initiatives, or you can produce a custom initiative. The concepts related to policies such as assignment, scoping, definition, and evaluation are also applicable in the case of initiatives.

If we navigate to Policy ➢ Definition and filter the definition type as Initiative, you will be able to see all the built-in initiatives. In the list (refer to Figure 2.14), if you take a closer look at the column Policies, you will be able to see the number of policies that are part of the initiative. For example, notice the IRS1075 September 2016 initiative comprises of 62 policies. Some initiatives will have fewer policies, while others will have 150+ policies.

FIGURE 2.14 Listing initiative policies

The built-in initiatives are available for all popular compliance standards such as ISO, FedRAMP, PCI, NIST, etc., and several region-based standards. Having these initiatives built-in can help organizations to easily attain these standards without wasting time.

If you open any of the initiatives, you will be able to see the list of policies that are chained to the initiative. For example, search for Azure Security Benchmark and open the initiative by clicking the name. This initiative comprises 199 policies at the time of authoring this book. Opening the initiative gives the list of policies that are part of the initiative (refer to Figure 2.15). Also, it gives you the option to assign, duplicate, or export the definition.

Creating a new initiative definition follows the same process of creating a policy definition. If you noticed in the graphic in Exercise 2.3, step 3, next to policy definition there is a button to create an initiative definition as well. Clicking this button will take you through the process of chaining or combining the policies and creating the initiative. The assignment and scoping work exactly the same way as policies. If you are familiar with the workflow of policies, you can easily implement initiatives.

The next topic we are going to cover is role-based access control.

FIGURE 2.15 Inspecting the initiative policy

Author:
Filed Under: Certification Exams of Microsoft AZ-104, Microsoft AZ-104 Certification Exams, Policy Assignment and Scope

Leave a Reply

Your email address will not be published. Required fields are marked *