Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: How to manage exemptions created through Defender for Cloud #747

Closed
teemukom opened this issue Sep 18, 2024 · 3 comments
Closed

Question: How to manage exemptions created through Defender for Cloud #747

teemukom opened this issue Sep 18, 2024 · 3 comments
Assignees
@anwather
Labels
question Further information is requested

Comments

@teemukom
Copy link

Users can create exemptions through Defender for Cloud. How should we take care of these and manage them through EPAC?
@anwather
Copy link
Collaborator

A couple of ways:
a) Prevent them from doing it via Defender and make them use EPAC.
b) Have a regular process to extract exemptions and redeploy them so EPAC can manage them.
c) Not manage exemptions at all using EPAC.

@teemukom
Copy link
Author

A couple of ways: a) Prevent them from doing it via Defender and make them use EPAC. b) Have a regular process to extract exemptions and redeploy them so EPAC can manage them. c) Not manage exemptions at all using EPAC.

Thanks for a rapid response! We would prefer option B of course. Are there any examples of how to do this?

@anwather
Copy link
Collaborator

Yes you can use the export process to extract everything from the environment including exemptions - then if you are already managing exemptions you can update the CSV file. If you are not already managing them the documentation has instructions on how to get set up.

https://azure.github.io/enterprise-azure-policy-as-code/start-extracting-policy-resources/

@anwather anwather self-assigned this Sep 18, 2024
@anwather anwather added the question Further information is requested label Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anwather anwather

Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anwather @teemukom