You have an Azure resource group that contains 100 virtual machines.
You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.
You need to identify which resources do NOT match the policy definitions.
What should you do?
To identify resources that do not match the policy definitions within an initiative assigned to a resource group in Azure, you should use the Azure Policy service. Specifically, from the Policy blade of the Azure portal, select Compliance. This provides a detailed view of policy compliance across your resources, allowing you to see which resources are not compliant with the assigned policy definitions.
Answer is clearly A. We use this daily basis in our system. You go to security center -> Under Cloud Security -> Regulatory Compliance. You see all information you need to see there. I cannot understand why people here "Blindly" say the answer is B. B is wrong because it says "Azure AD Admin Centre", the Azure AD Admin Center has nothing to do with Regulatory compliance and there is no option there. Please read the answer completely before confusing others. Thanks.
We was not asked to show Regulatory compliance.
Azure Active Directory admin center is https://portal.azure.com. If you go to Policy -> Compliance then you'll get what you need. Answer B is correct
Azure Active Directory admin center is https://aad.portal.azure.com. The Link you posted is just the Azure Portal.
I disagree. The resources by compliance state can be found in Policy-Compliance. https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyMenuBlade/~/Compliance
Answer is wrong. I think A is the best fit.
No Regulatory compliance doesn't show initiatives, just regulatory compliance.
Wrong, Initiatives are the only thing housed in the regulatory compliance blade in DfC.
The resources by compliance state can be found in Policy-Compliance. https://portal.azure.com/#view/Microsoft_Azure_Policy/PolicyMenuBlade/~/Compliance
This question doesn't make sense. I'm assuming Initiative1 is a custom initiative and it needs to be assigned at the sub level to be showing in MDfC under Regulatory compliance. However answer A makes the most sense. Alternatively checking the Policy portal makes sense but it mentions AAD admin center which is wrong. https://learn.microsoft.com/en-us/azure/defender-for-cloud/custom-security-policies?pivots=azure-portal#to-add-a-custom-initiative-to-your-subscription
https://learn.microsoft.com/en-us/azure/defender-for-cloud/custom-security-policies?pivots=azure-portal Your new initiative takes effect and you can see the impact in the following two ways: From the Defender for Cloud menu, select Regulatory compliance. The compliance dashboard opens to show your new custom initiative alongside the built-in initiatives. You'll begin to receive recommendations if your environment doesn't follow the policies you've defined.
If you're here answering "A" you're clearly stupid and don't even take the time to open the Portal to see what's happening.
B. From the Policy blade of the Azure Active Directory admin center, select Compliance.
Answer is B
it could not be A: In the Azure Security Center regulatory compliance blade, you can get an overview of key portions of your compliance posture with respect to a set of supported standards. Currently supported standards are Azure CIS, PCI DSS 3.2, ISO 27001, and SOC TSP. https://azure.microsoft.com/en-us/blog/regulatory-compliance-dashboard-in-azure-security-center-now-available/
Azure Portal > Policy > Compliance
Go to the Azure portal. Navigate to Policy. In the Authoring section, select Assignments. Select the assignment for Initiative1. In the assignment details page, select Remediation. In the Remediation page, you can see the resources that do not comply with the policy definitions.
A is the best answer B. AAD admin Center > Compliance send you to Purview, DLP topics. (Be careful guys)
Technically you should be going to Policy now to review which resource fail to be compliant
B is correct: The Azure Active Directory (Azure AD) admin center is a web-based management console that allows administrators to manage their organization's Azure AD resources. Here's how to access the Azure AD admin center: Go to the Azure portal (https://portal.azure.com). In the left-hand menu, click on "Azure Active Directory" (under "Services"). This will take you to the Azure AD overview page. From there, you can access the Azure AD admin center by clicking on "Azure AD admin center" in the left-hand menu. Alternatively, you can access the Azure AD admin center directly by going to the following URL: https://aad.portal.azure.com/. You'll need to sign in with an account that has administrative access to your organization's Azure AD resources.
Answer is correct: https://learn.microsoft.com/en-us/azure/governance/policy/how-to/determine-non-compliance#compliance-details
https://learn.microsoft.com/en-us/azure/defender-for-cloud/custom-security-policies?pivots=azure-portal Your new initiative takes effect and you can see the impact in the following two ways: From the Defender for Cloud menu, select Regulatory compliance. The compliance dashboard opens to show your new custom initiative alongside the built-in initiatives. You'll begin to receive recommendations if your environment doesn't follow the policies you've defined.
B is the answer they are asking about the compliance for that policy, not the whole compliance which is used by many polices