Closed teemukom closed 2 months ago
A couple of ways: a) Prevent them from doing it via Defender and make them use EPAC. b) Have a regular process to extract exemptions and redeploy them so EPAC can manage them. c) Not manage exemptions at all using EPAC.
Thanks for a rapid response! We would prefer option B of course. Are there any examples of how to do this?
Yes, you can use the export process to extract everything from the environment, including exemptions. Then, if you are already managing exemptions, you can update the CSV file. If you are not already managing them, the documentation has instructions on how to get set up.
https://azure.github.io/enterprise-azure-policy-as-code/start-extracting-policy-resources/
Users can create exemptions through Defender for Cloud. How should we take care of these and manage them through EPAC?