Configure Cloud Posture Risk Policies
Cloud posture risk policies define the security and configuration rules to continuously assess cloud resources for security risks and misconfigurations. You can create policies once and manage them across multiple tenants. Group rules into a single policy, publish it to selected resources, and update it centrally for more consistent and efficient security management.
At the top of the Azure security management page, you can view the Cloud posture risk policies tile. Click View details on the tile to access the Cloud posture risk policies page. On this page, you can manage policies and rules via the two tabs.
Under the Policies tab, you can perform the following operations to manage policies:
Create policy – Click Create policy on the ribbon to create a policy. Refer to the Create a Policy section for details.
Edit policy – Click an existing policy that is not published to view and update the settings.
Duplicate policy – Select a policy and click Duplicate. Enter a new name and optional description and click Save. A copy of the policy is created with the new name.
Publish/Unpublish policy – Select a policy and click Publish or Unpublish. Only published policies can be used for risk scans.
Delete policy – Select a policy that is not in use and click Delete to delete it. Note that a published policy cannot be deleted.
To check the risk policies at the tenant level, click the tenant name on the Azure security management page and click Cloud posture risk policies in the left navigation. The Cloud posture risk policies page will list all policies that are applied to the tenant.
On the Create policy page, refer to the following steps to create a policy:
In the Basic information step, complete the following information:
Policy name – Enter a name for this policy.
Description – Enter an optional description for this policy.
Click Next to go to the Rules step.
Click Add rule.
Select the rules you want to add to this policy and click Add. You can also remove the added rules from the policy by selecting the rules and clicking Delete.
Click Next to go to the Applied tenants step.
Click Add to define the tenants to which you want to apply this policy.
In the Set tenant scope window, select the tenants and click Apply.
After the tenant selection, click Add to add the tenants to the scope. You can also remove the added tenant records from the scope by selecting the records and clicking Delete.
Click Create and publish to create the policy and publish it to the configured tenants.
Optionally, you can click Create to create the policy without publishing it.
The Rules tab lists all out-of-the-box regulation rules provided by Elements. From this page, you can review individual rules, see which policies they belong to, check their severity levels, and view the resource types included in the evaluation scope.
To edit the severity of a rule, select the rule and click Change severity. In the Change severity window, you can change the severity (Critical, High, Medium, or Low). Click Save to save your change. Alternatively, click Reset to default to reset the severity to the default level defined by Elements.