Forum Discussion
JoVuon
Nov 01, 2020 | Copper Contributor
Enable/Disable Selective ASC Policies
Hi, is there a way to selectively disable (not have the policy active) a secure policy either at the subscription or resource group level? For example, if a policy is to recommend VM firewalls t...
pazdedav
Nov 02, 2020 | MVP
Hi JoVuon ,
Yes, this is possible.
Please check the following two articles:
- Working with security policies
- Policy exemption (preview) feature or more traditional exclusions (excluded scopes) in policy assignments
- JoVuon | Jan 22, 2021 | Copper Contributor
Hi David,
Besides the expiry of exemptions, are there other differences compared to exclusions? What is MS's design goal for exemptions, given we could exclude instead? Or, phrasing it differently, what goals is it trying to fulfil with exemptions?
Another point: I find updating a large policy such as the ASC cumbersome via the Portal. Is there an alternative, i.e. CLI?
Many thanks
Joe
- StanislavBelov | Jan 24, 2021
Microsoft
Hi JoVuon ,
You can find info on how these two differ here: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/scope#assignment-scopes. In short, we added exemptions, as requested by many customers, to provide more granular control of what resources/assets you can permanently or temporarily exempt from secure score evaluation/reporting.
As far as Azure Policy management goes, there are many ways of doing so; please visit: Overview of Azure Policy - Azure Policy | Microsoft Docs
- JoeVuon | Jan 31, 2021 | Copper Contributor
Hi Stanislav,
Thanks for the reply. I'll have what you've provided. Thanks
Joe