I'm trying to duplicate a policy definition along with its metadata in Azure Policy, specifically for NIST SP 800 171. While I can do this through the portal UI, it doesn't duplicate the entire metadata. For instance, the original policy initiative for NIST-800 171 R2 and my duplicate show the same data, but the nesting is different. Does anyone know how to achieve a complete duplication, including all metadata? Whether it be in the portal, CLI, etc. Below is a brief description of the issue I've been encountering:
NIST-800 171 R2 is nested as 3.1 Access Control -> 3.1.1 Limit system access... etc) -> Automated assessments.
(.png)
Eval Custom NIST SP 800 (Duplicate) is nested as 1. NIST_SP_800-171_R2_3.1.1 -> Automated assessments.
(.png)
Attempted to duplicate via the portal, and CLI but I cannot seem to find the way to create the custom policy definition with the all the metadata from the original standard.
I'm trying to duplicate a policy definition along with its metadata in Azure Policy, specifically for NIST SP 800 171. While I can do this through the portal UI, it doesn't duplicate the entire metadata. For instance, the original policy initiative for NIST-800 171 R2 and my duplicate show the same data, but the nesting is different. Does anyone know how to achieve a complete duplication, including all metadata? Whether it be in the portal, CLI, etc. Below is a brief description of the issue I've been encountering:
NIST-800 171 R2 is nested as 3.1 Access Control -> 3.1.1 Limit system access... etc) -> Automated assessments.
(https://i.sstatic/mLwOkUyD.png)
Eval Custom NIST SP 800 (Duplicate) is nested as 1. NIST_SP_800-171_R2_3.1.1 -> Automated assessments.
(https://i.sstatic/xF8GyAEi.png)
Attempted to duplicate via the portal, and CLI but I cannot seem to find the way to create the custom policy definition with the all the metadata from the original standard.
Share Improve this question asked Mar 3 at 15:45 JuanJuan 1 1- Check with this refer doc on the simlar query learn.microsoft/en-us/answers/questions/2184854/… @Juan – Vinay B Commented Mar 18 at 9:27
1 Answer
Reset to default 0Duplicate a Policy Definition with Metadata
While copying a policy definition from policy along with its details you can use both the approaches, but we need to address two issues i.e., Metadata Duplication and structural differences.
You can use either Azure CLI or Azure PowerShell to achieve this requirement
Using PowerShell
First, export the existing policy definition to a JSON file using the AZ policy definition show command. Then, update the JSON file with any changes you want. Finally, use the AZ policy definition create command to create a new policy based on the updated JSON.
Using CLI
You can use the Get-AzPolicyDefinition cmd let to fetch the existing policy definition. Modify the retrieved policy and then create a new one using New-AzPolicyDefinition.
Note that some metadata, like metadata_I'd, is read-only and can't be changed or copied. This means there might be slight differences in the structure when you create the duplicate policy.
If you're having trouble copying certain metadata correctly, make sure to carefully check the properties in the JSON or PowerShell objects and adjust them if needed.
Refer:
https://learn.microsoft/en-us/azure/azure-resource-manager/management/security-controls-policy#nist-sp-800-171-r2
https://learn.microsoft/en-us/azure/governance/policy/concepts/initiative-definition-structure#policy-definition-groups
Azure: How to Duplicate a Policy Definition with Metadata? - Microsoft Q&A answered by Rahul Podila