
Configure Cloud Posture Risk Policies

Cloud posture risk policies define the security and configuration rules to continuously assess cloud resources for security risks and misconfigurations. You can create policies once and manage them across multiple tenants. Group rules into a single policy, publish it to selected resources, and update it centrally for more consistent and efficient security management.

At the top of the Azure security management page, you can view the Cloud posture risk policies tile. Click View details on the tile to access the Cloud posture risk policies page. On this page, you can manage policies and rules via the two tabs.

Manage Policies

Under the Policies tab, you can perform the following operations to manage policies:

  • Create policy – Click Create policy on the ribbon to create a policy. Refer to the Create a Policy section for details.

  • Edit policy – Click an existing policy that is not published to view and update the settings.

  • Duplicate policy – Select a policy and click Duplicate. Enter a new name and an optional description and click Save. A copy of the policy with the new name will be created.

  • Apply to tenant – Select a policy and click Apply to tenant. In the Apply to tenant window, add or remove the tenants to which you want to apply this policy and click Apply. Note that this action is not available for published policies.

  • Publish/Unpublish policy – Select a policy and click Publish or Unpublish. Only published policies are used for risk scans.

  • Delete policy – Select a policy that is not in use and click Delete to delete it. Note that a published policy cannot be deleted.

To check the risk policies at the tenant level, click the tenant name on the Azure security management page and click Cloud posture risk policies in the left navigation. The Cloud posture risk policies page will list all policies that are applied to the tenant. Click a policy name to view the details of the policy. There are four tabs on the policy details page:

  • General – This tab shows the general information of the policy, including the name, description, and modified time.

  • Rules – This tab lists all rules included in the policy.

  • Issues – This tab lists all issues detected by the policy. To export the currently displayed issue list, click Export, select the columns to include (the currently visible columns or all columns), select the file format (.xlsx or .csv), and click Export.

  • Audit logs – This tab displays a record of all actions performed on the current policy.

Create a Policy

On the Create policy page, refer to the following steps to create a policy:

  1. In the Basic information step, complete the following information:

    • Policy name – Enter a name for this policy.

    • Description – Enter an optional description for this policy.

  2. Click Next to go to the Rules step.

    1. Click Add rule.

    2. Select the rules you want to add to this policy and click Add. You can also remove the added rules from the policy by selecting the rules and clicking Delete.

  3. Click Next to go to the Applied tenants step.

    1. Click Add to define the tenants to which you want to apply this policy.

    2. In the Set tenant scope window, select the tenants and click Apply.

    3. After selecting the tenants, click Add to add them to the scope. You can also remove added tenant records from the scope by selecting the records and clicking Delete.

  4. Click Create and publish to create the policy and publish it to the configured tenants.

    Optionally, you can click Create to create the policy without publishing it.

Manage Rules

The Rules tab lists all out-of-the-box regulation rules provided by Elements. From this page, you can review individual rules, see which policies they belong to, check their severity levels, and view the resource types included in the evaluation scope.

To view the risk rules supported by Elements, refer to the Supported Risk Rules section.

To edit the severity of a rule, select the rule and click Change severity. In the Change severity window, choose the severity (Critical, High, Medium, or Low) and click Save to save your change. Alternatively, click Reset to default to restore the default severity defined by Elements.

You can click the rule name to view the details of the rule. There are two tabs on the rule details page:

  • General – This tab shows the general information of the rule. You can also edit the severity and comment of the rule by clicking the pencil button next to the corresponding field.

    In the Summary section, you can view an AI-generated summary of the rule.

  • Audit logs – This tab displays a record of all actions performed on the current rule.