1
00:00:01,240 --> 00:00:02,970
[Autogenerated] now, let's look at Azure policy,

2
00:00:02,970 --> 00:00:05,170
Guest configuration now,

3
00:00:05,170 --> 00:00:09,070
I would recommend you look elsewhere on the Pluralsight library if you

4
00:00:09,070 --> 00:00:12,350
need remedial instruction on Azure policy in general,

5
00:00:12,350 --> 00:00:16,660
I'm going to assume, I have to assume that you have a basic understanding of it.

6
00:00:16,660 --> 00:00:21,660
So as your policy is a way to enforce compliance in your Azure environment,

7
00:00:21,660 --> 00:00:26,020
you've got compliance evaluation and enforcement using JSON

8
00:00:26,020 --> 00:00:29,480
javascript object notation based policy definitions,

9
00:00:29,480 --> 00:00:32,690
you can put guardrails on your Azure environment for example,

10
00:00:32,690 --> 00:00:35,020
you might want to make sure that none of your colleagues

11
00:00:35,020 --> 00:00:37,470
can deploy resources to unauthorized.

12
00:00:37,470 --> 00:00:41,660
Azure regions you may want to enforce particular VM sizes,

13
00:00:41,660 --> 00:00:45,390
you may want to ensure that the deployment will only succeed if

14
00:00:45,390 --> 00:00:48,000
azure log analytics monitoring is enabled,

15
00:00:48,000 --> 00:00:52,980
these sorts of things, you may also want to apply consistent taxonomic tax.

16
00:00:52,980 --> 00:00:57,410
Now as your policy for Azure is fantastic but what if we

17
00:00:57,410 --> 00:00:59,830
could apply Azure policy off cloud?

18
00:00:59,830 --> 00:01:00,700
Well, guess what?

19
00:01:00,700 --> 00:01:05,780
That's where Azure arc enabled servers come in we can use select Azure

20
00:01:05,780 --> 00:01:10,630
policies with Azure arc enabled servers that are outside of Azure as well

21
00:01:10,630 --> 00:01:14,180
as our Azure Native VMS And don't get me wrong,

22
00:01:14,180 --> 00:01:20,340
azure policy applies to far more than VMS applies to anything in azure but

23
00:01:20,340 --> 00:01:25,070
remember in this 800 context we're concerned with supporting Windows server

24
00:01:25,070 --> 00:01:28,200
machines running both in azure as well as off.

25
00:01:28,200 --> 00:01:32,500
Azure now as your policy guest configuration is a subset of

26
00:01:32,500 --> 00:01:36,370
capability within as your policy Now as your policy deals

27
00:01:36,370 --> 00:01:38,490
with the resources themselves,

28
00:01:38,490 --> 00:01:43,900
the virtual machines themselves as objects or as resources as your policy.

29
00:01:43,900 --> 00:01:45,820
Guest configuration extends.

30
00:01:45,820 --> 00:01:51,140
Azure policy to the operating system settings of those monitored machines.

31
00:01:51,140 --> 00:01:51,930
In a way,

32
00:01:51,930 --> 00:01:57,870
guest configuration is very similar to PowerShell desired state configuration,

33
00:01:57,870 --> 00:01:59,350
or PowerShell Dsc.

34
00:01:59,350 --> 00:02:00,620
And as a matter of fact,

35
00:02:00,620 --> 00:02:04,310
the options for Azure policy Guest configuration

36
00:02:04,310 --> 00:02:06,900
includes simply auditing compliance,

37
00:02:06,900 --> 00:02:13,000
as well as doing remediation that does use desired state configuration. Pretty cool.