Creating a Dashboard for Azure Policy Initiatives in Audit Mode

Nana Poku 70 Reputation points
2024-11-16T13:05:24.1066667+00:00

I have a policy initiative set to Audit mode in Azure and would like to create a dashboard for it. Additionally, I want to provide access to other team members for better visibility. What is the best approach to achieve this?


1 answer

  1. SadiqhAhmed-MSFT 46,631 Reputation points Microsoft Employee
    2024-11-18T14:27:20.1633333+00:00

    @Nana Poku Greetings!

    Creating a dashboard in Azure to monitor and provide visibility into a policy initiative (set to Audit mode) is a great way to ensure that your team members can track compliance and monitor policy states. Azure provides several ways to achieve this, primarily using Azure Policy, Azure Monitor, and Azure Dashboard. Please follow the step-by-step approach to set up this process.

    Ensure that your Policy Initiative (group of policies) is in Audit mode and is correctly assigned to the appropriate scope (subscription, resource group, management group, etc.). This will ensure that your dashboard will reflect accurate compliance data.

    If you want to create a dashboard that reflects the compliance state of your Audit mode policy initiative, you will likely want to track and alert on non-compliant resources.

    • Go to Azure Monitor in the portal.
    • Under Alerts, create a new alert rule.
    • Set the condition to trigger when there are non-compliant resources under the specific Policy Initiative. This can be done by querying the Policy Compliance data using Kusto Query Language (KQL) or by using the built-in metric signals for policy compliance.

    Example of a KQL query to filter non-compliant resources in the last 30 days:

    PolicyComplianceResources
    | where ComplianceState == "NonCompliant" and PolicyAssignmentName == "<PolicyInitiativeName>"
    | summarize count() by ResourceId, PolicyAssignmentName, ComplianceState

    This will help in identifying and alerting on any non-compliant resources, which can be a key data point for your dashboard.

    To create a custom dashboard that provides visibility into the status of your Policy Initiative, you can use Azure Dashboards. This allows you to combine multiple visualizations, such as metrics, logs, and alerts.

    1. Go to the Azure portal.
    2. In the search bar, type "Dashboards" and select Azure Dashboards.
    3. Click + New to create a new dashboard.
    4. Choose the Tile type you want to use. You can add tiles to display:
      • Policy compliance status (e.g., using the Policy Compliance widget, showing compliant vs non-compliant resources).
      • Metrics for your Audit mode policies.
      • Logs from Azure Monitor, such as the results of KQL queries.
    5. After adding the necessary tiles, arrange and resize them as required.

    Add the Policy Compliance Data to the Dashboard

    To display policy compliance data (Audit mode) on the dashboard, you can use Log Analytics workbooks or Metrics:

    Using Log Analytics Workbook:

    1. Go to Azure Monitor > Workbooks.
    2. Create a new workbook.
    3. Add a query to track the compliance state of your Policy Initiative (you can use the KQL query mentioned earlier).
    4. Customize the visualizations as needed (e.g., bar charts, pie charts).
    5. Save the workbook and link it to your dashboard.

    Using Policy Compliance Widgets:

    1. In Azure Dashboards, select the Policy Compliance widget.
    2. Select the relevant Policy Initiative and set filters (like scope, date range).
    3. Add the widget to your dashboard to show real-time compliance status.

    Grant Access to Other Team Members

    Once the dashboard is created, you can provide access to other team members for visibility.

    1. Go to the Dashboard in the Azure portal.
    2. Click Share at the top of the dashboard.
    3. You can either:
      • Share with specific users or groups by providing them with Reader or higher access to the dashboard.
      • Assign permissions to the dashboard by clicking Manage permissions.
    4. Add users or groups that should have access (ensure they have the appropriate role, e.g., Reader, Contributor, or a custom role).

    For a broader level of access, you may also consider sharing access at the subscription or resource group level to ensure that users have visibility across relevant resources.

    Hope this helps. Please reply if you have any questions.


    If the response helped, do "Accept Answer" and up-vote it
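
As an added example, not part of the answer above and not Microsoft's own sample: a query that could back a workbook or dashboard tile showing which policies inside the audited initiative have the most non-compliant resources. It assumes Azure Resource Graph as the data source (the `policyresources` table, which reports current compliance state) and reuses the answer's `<PolicyInitiativeName>` placeholder for the assignment name.

```kusto
// Added example: per-policy compliance breakdown for one initiative assignment.
// Assumed data source: Azure Resource Graph (for example a workbook query step
// with the "Azure Resource Graph" data source, or Resource Graph Explorer).
policyresources
| where type =~ 'microsoft.policyinsights/policystates'
| extend assignment = tostring(properties.policyAssignmentName),
         policyRef  = tostring(properties.policyDefinitionReferenceId),
         state      = tostring(properties.complianceState),
         resourceId = tolower(tostring(properties.resourceId))
// Placeholder: replace with the name of the initiative assignment to report on.
| where assignment =~ '<PolicyInitiativeName>'
// One row per policy in the initiative, with resource counts per state.
| summarize nonCompliant = countif(state =~ 'NonCompliant'),
            compliant    = countif(state =~ 'Compliant'),
            exempt       = countif(state =~ 'Exempt')
          by policyRef
// Exempt resources are left out of the percentage so they do not inflate it.
| extend evaluated = nonCompliant + compliant
// Policies with nothing evaluated get a null percentage instead of a misleading 0.
| extend compliantPct = iff(evaluated > 0, 100 * compliant / evaluated, long(null))
| order by nonCompliant desc
```

Readers of the tile only see rows for resources they can already read, so the Reader access granted on the dashboard needs to be matched by read access at the scope where the initiative is assigned.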
