diff --git a/docs/getting-started/getting-started-aws/connect-an-account/index.md b/docs/getting-started/getting-started-aws/connect-an-account/index.md index b49c324a..418970c8 100644 --- a/docs/getting-started/getting-started-aws/connect-an-account/index.md +++ b/docs/getting-started/getting-started-aws/connect-an-account/index.md @@ -5,7 +5,7 @@ sidebar_label: Connect an AWS Account # Connect an AWS Account to Guardrails -In this guide, you will deploy the Guardrails IAM access role to your AWS account using a CloudFormation template and then connect that account to Guardrails. +In this guide, you will deploy the Guardrails IAM access role to your AWS account using a CloudFormation template and then connect that account to Guardrails. This is the second guide in the *Getting started with AWS* series. @@ -40,21 +40,25 @@ Wait for the progress bar to complete. The time this takes will depend on how ma ## Step 5: View Controls by state -Select **Reports** from the top navigation menu. Type `controls` into the **Search reports…** field to show only reports with the word "controls" in their name. Select the **Controls by State** report from the list. +Select **Reports** from the top navigation menu. Type `controls` into the **Search reports…** field to show only reports with the word "controls" in their name. Select the **Controls by State** report from the list.
## Step 6: Configure report filters From the filter bar, expand the **Type** dropdown. Then select the checkbox next to **AWS** to limit the report to only show AWS controls. - -Bookmark the **Controls by State** report, you’ll need it in subsequent guides. + +Bookmark the **Controls by State** report, you’ll need it in subsequent guides. ## Step 7: View the report -Review the status of your controls for AWS. `Alarm`, `OK`, `Skipped`, and `TBD` are all common and normal states to see in your account. If you see controls in `Error` or `Invalid` states, those must be cleared before moving further into these guides. +Review the status of your controls for AWS. `Alarm`, `OK`, `Skipped`, and `TBD` are all common and normal states to see in your account. + +> [!IMPORTANT] +> The controls in `Error` or `Invalid` states must be cleared before moving further into these guides. +> It takes few mins depending on various factors. We suggest to wait and report to [Turbot support](help@turbot.com), in case these errors are not cleared up automatically. diff --git a/docs/getting-started/getting-started-aws/prepare-account/choose-template-file.png b/docs/getting-started/getting-started-aws/prepare-account/choose-template-file.png index 722522c0..8ec74b3b 100644 Binary files a/docs/getting-started/getting-started-aws/prepare-account/choose-template-file.png and b/docs/getting-started/getting-started-aws/prepare-account/choose-template-file.png differ diff --git a/docs/getting-started/getting-started-aws/prepare-account/index.md b/docs/getting-started/getting-started-aws/prepare-account/index.md index c461942b..a63bee39 100644 --- a/docs/getting-started/getting-started-aws/prepare-account/index.md +++ b/docs/getting-started/getting-started-aws/prepare-account/index.md 
@@ -20,7 +20,7 @@ This is the first guide in the *Getting started with AWS* series. ## Step 1: Login to Guardrails -Login to your Guardrails console and select the **CONNECT** option from the home page. +Login to your Guardrails console and select the **CONNECT** option from the home page. @@ -28,7 +28,7 @@ Login to your Guardrails console and select the **CONNECT** option from the home Guardrails needs an IAM role that grants permission to discover [resources](/guardrails/docs/reference/glossary#resource) in your account and to monitor changes via event handlers. The CloudFormation template downloaded in this step has the minimum permissions necessary to create that role. -Select **AWS Account** from the left navigation and then click the blue **Download CloudFormation Template** button to download the CloudFormation template you will use to create the required IAM role in your AWS account. +Select **AWS Account** from the left navigation and then click the blue **Download CloudFormation Template** button to download the CloudFormation template you will use to create the required IAM role in your AWS account. @@ -83,7 +83,6 @@ Select the **Outputs** tab and copy the ARN of the Guardrails IAM role. In this guide you've learned how to deploy an AWS role that grants minimal permissions to Guardrails using the AWS CloudFormation service. - ## Next Steps In the [next guide](/guardrails/docs/getting-started/getting-started-aws/connect-an-account) you will use the IAM role you just created to import an AWS account into Guardrails. diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/expand-quick-actions-dropdown.png b/docs/getting-started/getting-started-azure/apply-quick-action/expand-quick-actions-dropdown.png new file mode 100644 index 00000000..a025de7a Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/expand-quick-actions-dropdown.png differ 
diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/find-storage-account-in-alarm-for-versioning.png b/docs/getting-started/getting-started-azure/apply-quick-action/find-storage-account-in-alarm-for-versioning.png new file mode 100644 index 00000000..1cb00f32 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/find-storage-account-in-alarm-for-versioning.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/index.md b/docs/getting-started/getting-started-azure/apply-quick-action/index.md new file mode 100644 index 00000000..219bac04 --- /dev/null +++ b/docs/getting-started/getting-started-azure/apply-quick-action/index.md 
@@ -0,0 +1,118 @@ +--- +title: Apply a Quick Action +sidebar_label: Apply a Quick Action +--- + +# Apply a Quick Action + +In this guide we’ll show how you can enable Guardrails to perform [Quick Actions](/guardrails/docs/guides/quick-actions) that fix misconfigurations. A Quick Action empowers an administrator to quickly fix misconfigurations by applying a change directly to an underlying Azure resource. In order to use this feature, the role used by Guardrails will need additional permissions to perform those actions. This guide will instruct you how to change the permissions specific to storage accounts, other types of quick actions will require different permission grants. + +This is the ninth guide in the *Getting started with Azure series*. + +## Prerequisites + +- Completion of the previous guides in this series. +- Access to the Guardrails console with administrative privileges. +- Access to the Azure portal with administrative privileges to add permissions to the Guardrails role. + +## Step 1: Locate the resource group + +In the Azure portal, navigate to **Resource Groups** and select the storage accounts you’re using in this series. + + + +## Step 2: Open Access Control (IAM) + + + +## Step 3: Begin role assignment + +Expand the **Add** dropdown and choose **Add role assignment**. + + + +## Step 4: Search for the role + +Seach for `storage account contributor`, select it, and select **Next**. + + + +## Step 5: Search for registered app + +Select **Select members**, search for the name of your registered app, and **Select** it. + + + +## Step 6: Review and assign + + + +## Step 7: Find Quick Actions + +Select **Policies** from the top-level navigation. In the search box, type `quick actions`, then select the **Turbot > Quick Actions > Enabled** policy type. + + + +Select the green **New Policy Setting** button. 
+ + + +## Step 8: Enable Quick Actions + +Choose **Sandbox** as the **Resource**, and then select **Enabled**, and select the green **Create** button. + + + +## Step 9: Find a storage account in Alarm + +Use your bookmark to navigate back to the **Controls by State** report and filter on **Azure > Storage > Storage Account > Minimum TLS Version**. + + + +## Step 10: Select a storage account in Alarm + +Select a storage account in `Alarm` state from the list of storage accounts. + + + +## Step 11: Use a Quick Action + +Select the **Actions** dropdown, and choose *Set Minimum TLS Version*. + + + +## Step 12: Observe the change + +Guardrails reports that the action was successful, and the control goes to the `OK` state. + + + +![alt text](image.png) + +## Step 13: Check if it worked + +Open a tab to the Azure portal and navigate to the storage account. Confirm the Guardrails `Quick Action` has correctly set the minimum TLS version. + + + +## Step 14: Review + +In this guide you enabled Guardrails Quick Actions and used a Quick Action to change a storage account's policy for minimum TLS version. + +## Next Steps + +In the [next guide](/guardrails/docs/getting-started/getting-started-azure/enable-enforcement) we’ll set Guardrails to automatically enforce these actions continuously. + + +## Progress tracker + +- [x] Prepare an Azure Subscription for Import to Guardrails +- [x] Connect an Azure Subscription to Guardrails +- [x] Observe Azure Resource Activity +- [x] Enable Your First Guardrails Policy Pack +- [x] Review Subscription-Wide Governance +- [x] Create a Static Exception to a Guardrails Azure Policy +- [x] Create a Calculated Exception to a Guardrails Azure Policy +- [x] Send an Alert to Email +- [x] **Apply a Quick Action** +- [ ] Enable Automatic Enforcement 
diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/observe-updated-control.png b/docs/getting-started/getting-started-azure/apply-quick-action/observe-updated-control.png new file mode 100644 index 00000000..fd843047 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/observe-updated-control.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/permissions-1.png b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-1.png new file mode 100644 index 00000000..fcad92e9 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-1.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/permissions-2.png b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-2.png new file mode 100644 index 00000000..6343bfe0 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-2.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/permissions-3.png b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-3.png new file mode 100644 index 00000000..5ebaff02 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-3.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/permissions-4.png b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-4.png new file mode 100644 index 00000000..36619294 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-4.png differ 
diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/permissions-5.png b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-5.png new file mode 100644 index 00000000..97e6cfd1 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-5.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/permissions-6.png b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-6.png new file mode 100644 index 00000000..5835cfe0 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/permissions-6.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/raw-observe-azure-console-result.png b/docs/getting-started/getting-started-azure/apply-quick-action/raw-observe-azure-console-result.png new file mode 100644 index 00000000..49be7385 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/raw-observe-azure-console-result.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/raw-view-email-notification.png b/docs/getting-started/getting-started-azure/apply-quick-action/raw-view-email-notification.png new file mode 100644 index 00000000..8c113473 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/raw-view-email-notification.png differ diff --git a/docs/getting-started/getting-started-azure/apply-quick-action/select-storage-account-in-alarm-for-versioning.png b/docs/getting-started/getting-started-azure/apply-quick-action/select-storage-account-in-alarm-for-versioning.png new file mode 100644 index 00000000..b18ce795 Binary files /dev/null and b/docs/getting-started/getting-started-azure/apply-quick-action/select-storage-account-in-alarm-for-versioning.png differ 
diff --git a/docs/getting-started/getting-started-azure/connect-subscription/connect-1.png b/docs/getting-started/getting-started-azure/connect-subscription/connect-1.png new file mode 100644 index 00000000..56150244 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/connect-1.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/connect-2.png b/docs/getting-started/getting-started-azure/connect-subscription/connect-2.png new file mode 100644 index 00000000..81dcf65d Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/connect-2.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/connect-3.png b/docs/getting-started/getting-started-azure/connect-subscription/connect-3.png new file mode 100644 index 00000000..7713bd65 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/connect-3.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/filter-1.png b/docs/getting-started/getting-started-azure/connect-subscription/filter-1.png new file mode 100644 index 00000000..52de188c Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/filter-1.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/filter-2.png b/docs/getting-started/getting-started-azure/connect-subscription/filter-2.png new file mode 100644 index 00000000..b6d971d5 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/filter-2.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/index.md b/docs/getting-started/getting-started-azure/connect-subscription/index.md new file mode 100644 index 00000000..14600a1a --- /dev/null +++ b/docs/getting-started/getting-started-azure/connect-subscription/index.md 
@@ -0,0 +1,99 @@ +--- +title: Connect an Azure Subscription to Guardrails +sidebar_label: Connect an Azure Subscription +--- + +# Connect an Azure Subscription to Guardrails + +In this guide you will connect a subscription to Guardrails. + +This is the second guide in the *Getting started with Azure* series. + +## Prerequisites + +- Completed the previous guide: **Prepare an Azure Subscription for Import to Guardrails**. + +- Access to the Turbot Guardrails console with admin privilege. + +## Step 1: Login to Guardrails + +Login to your Guardrails console and select the **CONNECT** option from the home page. + + + +## Step 2: Select Azure Subscription + + + +## Step 3: Select location + +Use the **Parent Resource** dropdown to select the **Sandbox** folder as the location to import the subscription. + + + +## Step 4: Enter details + +If you forgot to save all these details when completing the first guide, you can find them in the Azure portal as follows: + +| Parameter | Location | +|--------------------|----------------------------------------------------------------------------------------------------------| +| **Subscription ID** | The **Home > Subscriptions** page has your *Subscription ID*. | +| **Tenant ID and Client ID** | The **Home > App registrations** page has *Directory (tenant) ID* and *Application (client) ID*. | +| **Client Key** | If you forgot to save the secret's value created earlier, go to **Home > App registrations > YOUR_APP_NAME > Certificates & secrets** to create a new one. Use the *Value* (not the *Secret ID*). | + +Select your environment (likely *Global Cloud*). + +Select **Connect**. + + + +## Step 5: Observe progress + +Wait for the progress bar to complete. The time this takes will depend on how many resources are in the account; it is normal for the progress bar to fluctuate in size as new types of resources are discovered. + + + +## Step 6: View Controls by State + +Select **Reports** from the top navigation menu. 
Type `controls` into the **Search reports…** field to show only reports with the word "controls" in their name. Select the **Controls by State** report from the list. + + + +## Step 7: Configure report filters + +From the filter bar, expand the **Type** dropdown. Then select the checkbox next to **Azure** to limit the report to only show Azure controls. + +Bookmark the **Controls by State** report, you’ll need it in subsequent guides. + + + +## Step 8: View the report + +Review the status of your controls for Azure. `Alarm`, `OK`, `Skipped`, and `TBD` are all common and normal states to see in your subscription. + +> [!IMPORTANT] +> The controls in `Error` or `Invalid` states must be cleared before moving further into these guides. +> It takes few mins depending on various factors. We suggest to wait and report to [Turbot support](help@turbot.com), in case these errors are not cleared up automatically. + + + +## Step 9: Review + +In this guide you successfully imported an Azure subscription into Guardrails. + +## Next Steps + +In the [next guide](/guardrails/docs/getting-started/getting-started-azure/observe-azure-activity) we’ll see how Guardrails monitors cloud events and reacts to resource changes. + +## Progress tracker + +- [x] Prepare an Azure Subscription for Import to Guardrails +- [x] **Connect an Azure Subscription to Guardrails** +- [ ] Observe Azure Resource Activity +- [ ] Enable Your First Guardrails Policy Pack +- [ ] Review Subscription-Wide Governance +- [ ] Create a Static Exception to a Guardrails Azure Policy +- [ ] Create a Calculated Exception to a Guardrails Azure Policy +- [ ] Send an Alert to Email +- [ ] Apply a Quick Action +- [ ] Enable Automatic Enforcement 
diff --git a/docs/getting-started/getting-started-azure/connect-subscription/login.png b/docs/getting-started/getting-started-azure/connect-subscription/login.png new file mode 100644 index 00000000..bf9ac43e Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/login.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/progress-bar.png b/docs/getting-started/getting-started-azure/connect-subscription/progress-bar.png new file mode 100644 index 00000000..c9d4b738 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/progress-bar.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-1.png b/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-1.png new file mode 100644 index 00000000..e09ec50e Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-1.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-2.png b/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-2.png new file mode 100644 index 00000000..14eafd37 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-2.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-3.png b/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-3.png new file mode 100644 index 00000000..32f62569 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/raw-connect-3.png differ 
diff --git a/docs/getting-started/getting-started-azure/connect-subscription/raw-filter-1.png b/docs/getting-started/getting-started-azure/connect-subscription/raw-filter-1.png new file mode 100644 index 00000000..02571920 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/raw-filter-1.png differ diff --git a/docs/getting-started/getting-started-azure/connect-subscription/raw-login.png b/docs/getting-started/getting-started-azure/connect-subscription/raw-login.png new file mode 100644 index 00000000..58ac4512 Binary files /dev/null and b/docs/getting-started/getting-started-azure/connect-subscription/raw-login.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/choose-resource.png b/docs/getting-started/getting-started-azure/create-calculated-exception/choose-resource.png new file mode 100644 index 00000000..844103f6 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/choose-resource.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/enable-calculated-mode.png b/docs/getting-started/getting-started-azure/create-calculated-exception/enable-calculated-mode.png new file mode 100644 index 00000000..54bb5546 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/enable-calculated-mode.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/index.md b/docs/getting-started/getting-started-azure/create-calculated-exception/index.md new file mode 100644 index 00000000..b9a2fbe4 --- /dev/null +++ b/docs/getting-started/getting-started-azure/create-calculated-exception/index.md 
@@ -0,0 +1,142 @@ +--- +title: Create a Calculated Exception to a Guardrails Azure Policy +sidebar_label: Create a Calculated Exception +--- + + +# Create a Calculated Exception to a Guardrails Azure Policy + + +In this guide you'll learn how to make dynamic policy exceptions based on resource tags. These [Calculated Policies](/guardrails/docs/reference/glossary#calculated-policy) enable you to implement business logic when designing your governance controls. + +Some typical examples of how to use calculated polices are: + +- Dynamic tagging of resources based on resource metadata. +- Creating policy exceptions for different classes of resources. +- Taking enforcement action based on resource tags. + +This guide will walk you through a simple calculated policy based on resource tags. + +This is the seventh guide in the *Getting started with Azure* series. + +## Prerequisites + +- Completion of the previous guides in this series. +- Access to the Guardrails console with administrative privileges. +- Access to the Azure portal with permissions to tag storage accounts + +## Step 1: Open the Policy Pack + +Choose **Policies** from the top navigation bar. Select the **Enforce Secure TLS Version for Azure Storage Accounts** Policy Pack from the list on the right. + + + + +## Step 2: Modify the policy setting + +The TLS policy is currently `Check: TLS 1.2`. Use the pencil icon on the right side of the policy setting to edit the policy. + + + +## Step 3: Enable calculated mode + +Select the blue **Enable calculated mode** link. + + + +## Step 4: Launch calculated policy builder + +Select **Launch calculated policy builder**. + + + + +## Step 5: Choose test resource + +Calculated policies work across all resources in scope of the policy setting. While building a calc policy it is useful to test the business logic against real resources in your environment. 
For this guide you will find and select one of the previously-created storage accounts by searching in the **Test Resource** field. + + + +## Step 6: Build query + +In the **Query Input** field we will use **Select Snippet** to prepopulate our [GraphQL](/guardrails/docs/reference/glossary#graphql) query. Choose **Get storage account** from the dropdown. + + + +## Step 7: View query result + +Guardrails inserts a GraphQL query for storage account tags into the **Input** pane, and then runs the query against the selected test resource. The result, in the **Output** pane, shows there are no tags on the storage account. + + + +## Step 8: Add the Jinja2 template + +Our business logic is created in the `Template` section, using [Nunjucks syntax](https://mozilla.github.io/nunjucks/templating.html). + +Copy this template code: + +```nunjucks +{% if $.storageAccount.turbot.tags.environment == "development" %} +'Skip' +{% else %} +'Check: TLS 1.2' +{% endif %} +``` + +And paste it into the template pane. + + + +Guardrails evaluates the template in the context of the chosen **Test Resource**. The template output, `Check: TLS`, is the calculated policy value that will govern any storage account’s **Azure > Storage > Storage Account > Minumum TLS Version** policy if it is tagged with `environment:development`. Only these tagged storage accounts will be required to have TLS 1.2 enabled. Others will be skipped, whether or not they enable TLS 1.2. + +The result confirms that `Check: TLS 1.2` is valid for this policy type. Why? Because the test storage account does not have a tag `{ "environment": "development" }`. + +Select **Update** + +## Step 9: Save the calculated policy to the Policy Pack + +Select **Update**. + + + +## Step 10: Observe controls for storage account TLS version + +Navigate back to the **Controls by State** report and set the **Type** filter to **Azure > Storage > Storage Account > Minimum TLS Version**. 
Storage accounts with TLS 1.2 enabled will be in the `OK` state. Find one in the `Alarm` state to modify, and note its name. + + + +## Step 11: Tag the storage account + +Open the Azure portal in another tab, navigate to the storage account identified in the previous step, and assign the tag `environment:development` to it. + + + +## Step 12: Observe the effect + +Return to the **Controls by State** report in the previous browser tab. Observe that Guardrails notices the change, reevaluates the resource, runs the calculated policy, and changes the status from `Alarm` to `Skipped`. + + + +## Step 13: Review + +In this guide you created your first calculated policy and tested it using the control that governs the TLS version for storage accounts. + +## Next Steps + +In the [next guide](/guardrails/docs/getting-started/getting-started-azure/send-alert-to-email) we’ll see how to subscribe to these status alerts via email, Slack, or MS Teams. + + + + +## Progress tracker + +- [x] Prepare an Azure Subscription for Import to Guardrails +- [x] Connect an Azure Subscription to Guardrails +- [x] Observe Azure Resource Activity +- [x] Enable Your First Guardrails Policy Pack +- [x] Review Subscription-Wide Governance +- [x] Create a Static Exception to a Guardrails Azure Policy +- [x] **Create a Calculated Exception to a Guardrails Azure Policy** +- [ ] Send an Alert to Email +- [ ] Apply a Quick Action +- [ ] Enable Automatic Enforcement diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/launch-builder.png b/docs/getting-started/getting-started-azure/create-calculated-exception/launch-builder.png new file mode 100644 index 00000000..6e6c4793 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/launch-builder.png differ 
diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/open-snippet-dropdown.png b/docs/getting-started/getting-started-azure/create-calculated-exception/open-snippet-dropdown.png new file mode 100644 index 00000000..5f8c57df Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/open-snippet-dropdown.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-choose-resource.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-choose-resource.png new file mode 100644 index 00000000..d472f2de Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-choose-resource.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-enable-calculated-mode.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-enable-calculated-mode.png new file mode 100644 index 00000000..c448dd76 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-enable-calculated-mode.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-launch-builder.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-launch-builder.png new file mode 100644 index 00000000..4dd78642 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-launch-builder.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-open-snippet-dropdown.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-open-snippet-dropdown.png new file mode 100644 index 00000000..cd537425 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-open-snippet-dropdown.png differ 
diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-revisit-controls-by-state.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-revisit-controls-by-state.png new file mode 100644 index 00000000..95aa3b08 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-revisit-controls-by-state.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-snippet-active.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-snippet-active.png new file mode 100644 index 00000000..203da98e Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-snippet-active.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-tag-the-storage-account.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-tag-the-storage-account.png new file mode 100644 index 00000000..bdd3473e Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-tag-the-storage-account.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-tagged-now-skipped.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-tagged-now-skipped.png new file mode 100644 index 00000000..13a70b94 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-tagged-now-skipped.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-template-active.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-template-active.png new file mode 100644 index 00000000..9b239eeb Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-template-active.png differ 
diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-update-setting.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-update-setting.png new file mode 100644 index 00000000..af3b27e7 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-update-setting.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-view-policy-pack.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-view-policy-pack.png new file mode 100644 index 00000000..c1fc0114 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-view-policy-pack.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/raw-view-policy-packs.png b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-view-policy-packs.png new file mode 100644 index 00000000..b3bf7687 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/raw-view-policy-packs.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/revisit-controls-by-state.png b/docs/getting-started/getting-started-azure/create-calculated-exception/revisit-controls-by-state.png new file mode 100644 index 00000000..a8759330 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/revisit-controls-by-state.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/snippet-active.png b/docs/getting-started/getting-started-azure/create-calculated-exception/snippet-active.png new file mode 100644 index 00000000..6676a052 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/snippet-active.png differ 
diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/tagged-now-skipped.png b/docs/getting-started/getting-started-azure/create-calculated-exception/tagged-now-skipped.png new file mode 100644 index 00000000..bea64b7f Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/tagged-now-skipped.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/template-active.png b/docs/getting-started/getting-started-azure/create-calculated-exception/template-active.png new file mode 100644 index 00000000..16c14366 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/template-active.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/update-setting.png b/docs/getting-started/getting-started-azure/create-calculated-exception/update-setting.png new file mode 100644 index 00000000..cfc1bf6a Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/update-setting.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/view-policy-pack.png b/docs/getting-started/getting-started-azure/create-calculated-exception/view-policy-pack.png new file mode 100644 index 00000000..0ef3780b Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/view-policy-pack.png differ diff --git a/docs/getting-started/getting-started-azure/create-calculated-exception/view-policy-packs.png b/docs/getting-started/getting-started-azure/create-calculated-exception/view-policy-packs.png new file mode 100644 index 00000000..cf24ce16 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-calculated-exception/view-policy-packs.png differ 
diff --git a/docs/getting-started/getting-started-azure/create-static-exception/choose-storage-account.png b/docs/getting-started/getting-started-azure/create-static-exception/choose-storage-account.png new file mode 100644 index 00000000..92027dae Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/choose-storage-account.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/create-policy-setting.png b/docs/getting-started/getting-started-azure/create-static-exception/create-policy-setting.png new file mode 100644 index 00000000..b07b3eed Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/create-policy-setting.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/filter-3.png b/docs/getting-started/getting-started-azure/create-static-exception/filter-3.png new file mode 100644 index 00000000..25bf6771 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/filter-3.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/index.md b/docs/getting-started/getting-started-azure/create-static-exception/index.md new file mode 100644 index 00000000..e49c5082 --- /dev/null +++ b/docs/getting-started/getting-started-azure/create-static-exception/index.md 
@@ -0,0 +1,99 @@ +--- +title: Create a Static Exception to a Guardrails Azure Policy +sidebar_label: Create a Policy Exception +--- + +# Create a Static Exception to a Guardrails Azure Policy + +In this guide you’ll learn how to exempt a specific resource from a subscription-wide policy + +This is the sixth guide in the *Getting started with Azure* series. + +## Prerequisites + +- Completion of the previous guides in this series. + +- Access to the Guardrails console with administrative privileges. + +## Step 1: Open the Controls by State report + +Navigate to the **Controls by State** report, expand the **Type** dropdown, and search for `azure storage account tls`. Enable the checkbox next to **Azure > Storage > Storage Account > Minimum TLS Version** to filter by **Type**. + + + +## Step 2: Set the State filter + +You can also filter by **State**. Expand that dropdown, and enable the checkbox next to **Alarm**. + + + +## Step 3: Choose a storage account + +Pick a control, here `guardrailsazurestorage1`, and select its linked name. + + + +## Step 4: View resource details + +Because we were viewing the **Controls by State** report, our action landed us on the **Control Details** page. We can switch to the **Resource Detail** view by using the blue **Resource** link next to the sub-tab bar. + + + +## Step 5: View polices for the storage account + +Now that you are are viewing the **Resource Detail** for the selected storage account, you can create an exception for this resource. To do that you will create a new policy setting. Select the **Policies** sub-tab and click the green **New Policy Setting** button. + + + + +## Step 6: Select the policy type + +In the **Type** dropdown, search for `azure storage tls version`, and enable the checkbox next to **Azure > Storage > Storage Account > Minimum TLS Version**. + + + +## Step 7: Create the policy exception + +Choose the **Skip** setting, and select **Create**. 
+ + + +## Step 8: Confirm the setting + +This storage account is now exempt from the requirement to enforce TLS 1.2. + + + +## Step 9: View in context + +Select the **Hierarchy** tab. The project-level policy specifies **Check: TLS 1.2**. You’ve overridden that with an exception that exempts this particular storage account from that policy. + + + +## Step 10: Review storage account activity + +Select the **Activity** tab and observe the history. When you created the storage-account-level policy setting to make an exception for this storage account, the control reevaluated and set the status to `Skipped`. + + + +## Step 11: Review + +In this guide you created a resource-level exception for the control that governs the TLS version for storage accounts. + +## Next Steps + +In the [next guide](/guardrails/docs/getting-started/getting-started-azure/create-calculated-exception) we’ll see how to dynamically calculate an exception based on a resource tag. + + +## Progress tracker + +- [x] Prepare an Azure Subscription for Import to Guardrails +- [x] Connect an Azure Subscription to Guardrails +- [x] Observe Azure Resource Activity +- [x] Enable Your First Guardrails Policy Pack +- [x] Review Subscription-Wide Governance +- [x] **Create a Static Exception to a Guardrails Azure Policy** +- [ ] Create a Calculated Exception to a Guardrails Azure Policy +- [ ] Send an Alert to Email +- [ ] Apply a Quick Action +- [ ] Enable Automatic Enforcement diff --git a/docs/getting-started/getting-started-azure/create-static-exception/open-control.png b/docs/getting-started/getting-started-azure/create-static-exception/open-control.png new file mode 100644 index 00000000..5c67e437 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/open-control.png differ 
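Review bot: Step 8 ("This storage account is now exempt from the requirement to enforce TLS 1.2.") should say what the **Skip** setting actually does: the control stops evaluating this account and reports `Skipped` (which is how Step 10 describes it), but the account itself stays on whatever TLS version it was downgraded to, and the exception persists until the resource-level policy setting is removed. One sentence here would keep readers from reading `Skipped` as equivalent to `OK`. Smaller points in the same hunk: the intro sentence under the H1 lacks a period; "View polices for the storage account" in the Step 5 heading should read "policies"; "Now that you are are viewing" has a duplicated "are"; and the Type-filter search strings in Step 1 (`azure storage account tls`) and Step 6 (`azure storage tls version`) differ for the same policy type, so pick one so the steps are consistent.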
diff --git a/docs/getting-started/getting-started-azure/create-static-exception/policies-sub-tab.png b/docs/getting-started/getting-started-azure/create-static-exception/policies-sub-tab.png new file mode 100644 index 00000000..da6d3d16 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/policies-sub-tab.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-choose-storage-account.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-choose-storage-account.png new file mode 100644 index 00000000..4e9103aa Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-choose-storage-account.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-confirm-policy-setting.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-confirm-policy-setting.png new file mode 100644 index 00000000..236ce8c5 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-confirm-policy-setting.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-create-policy-setting.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-create-policy-setting.png new file mode 100644 index 00000000..613e6fbe Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-create-policy-setting.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-filter-2.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-filter-2.png new file mode 100644 index 00000000..24ea2cbf Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-filter-2.png differ 
diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-filter-3.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-filter-3.png new file mode 100644 index 00000000..a233e6cc Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-filter-3.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-policies-sub-tab.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-policies-sub-tab.png new file mode 100644 index 00000000..f76782f2 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-policies-sub-tab.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-select-policy-type.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-select-policy-type.png new file mode 100644 index 00000000..93776f03 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-select-policy-type.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-view-activity.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-view-activity.png new file mode 100644 index 00000000..dea8ffc2 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-view-activity.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-view-hierarchy.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-view-hierarchy.png new file mode 100644 index 00000000..46d991b5 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-view-hierarchy.png differ 
diff --git a/docs/getting-started/getting-started-azure/create-static-exception/raw-view-policy-type.png b/docs/getting-started/getting-started-azure/create-static-exception/raw-view-policy-type.png new file mode 100644 index 00000000..495b9de6 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/raw-view-policy-type.png differ diff --git a/docs/getting-started/getting-started-azure/create-static-exception/select-policy-type.png b/docs/getting-started/getting-started-azure/create-static-exception/select-policy-type.png new file mode 100644 index 00000000..2f11f527 Binary files /dev/null and b/docs/getting-started/getting-started-azure/create-static-exception/select-policy-type.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/choose-setting.png b/docs/getting-started/getting-started-azure/enable-enforcement/choose-setting.png new file mode 100644 index 00000000..d6ae7f1c Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/choose-setting.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/edit-policy-setting.png b/docs/getting-started/getting-started-azure/enable-enforcement/edit-policy-setting.png new file mode 100644 index 00000000..6ce2fc0d Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/edit-policy-setting.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/index.md b/docs/getting-started/getting-started-azure/enable-enforcement/index.md new file mode 100644 index 00000000..1599c860 --- /dev/null +++ b/docs/getting-started/getting-started-azure/enable-enforcement/index.md 
@@ -0,0 +1,75 @@ +--- +title: Enable Automatic Enforcement +sidebar_label: Enable Automatic Enforcement +--- + +# Enable Automatic Enforcement + +In this guide we’ll show how you can enable Guardrails to act autonomously. For large cloud footprints, it is often desirable to have Guardrails take automated actions based on your organization's compliance and security posture. Guardrails' controls can take a number of different automated enforcement actions, including deleting resources, changing the configuration of a resource, and tagging a resource. + +This is the last guide in the *Getting started with Azure series*. + +## Prerequisites + +- Completion of the previous guides in this series. +- Access to the Guardrails console with administrative privileges. + +> [!NOTE] +> In the [previous guide](/guardrails/docs/getting-started/getting-started-azure/apply-quick-action) we showed how to add the permission that enables you to take a **Quick Action** on Azure storage accounts. This guide also requires that permission. + + +## Step 1: Open the Policy Pack + +In [Enable your First Policy Pack](/guardrails/docs/getting-started/getting-started-azure/enable-policy-pack) you enabled `Enforce Secure TLS Version for Azure Storage Accounts`. Select **Policies** from the top-level navigation bar, then choose that Policy Pack from the list. + + + +## Step 2: Edit the policy setting + +Select the pencil icon next to the calculated policy you created [earlier](/guardrails/docs/getting-started/getting-started-gcp/create-calculated-exception). + + + +## Step 3: Disable calculated mode + + +Select **Disable calculated mode** to return to standard policy mode. + + + +## Step 4: Enable enforcement + +Choose **Enforce: TLS 1.2** and select **Update**. + + + +## Step 5: Observe Guardrails in action + +Use your bookmark to navigate back to **Controls by State** report, and use the **Type** filter to choose **Azure > Storage > Storage Account > Minimum TLS Version**. 
In a few minutes all of your storage accounts in this subscription are now either `OK` or `Skipped`. + +Try downgrading the TLS version on a storage account. It won’t stay that way for long! + + + +## Step 6: Review + +In this guide series you learned the basics of importing Azure subscriptions into Guardrails, enabling Policy Packs, creating exceptions and notifications, and even more mischief. + +## Next Steps + +This Getting Started series just scratches the surface of what you can do with Guardrails. Try installing more [policy packs](https://hub.guardrails.com) into your workspace, and run through this series again to explore the breadth and variety of what Guardrails can do. + +## Progress tracker + +**Congratulations! You did it!** + +- [x] Prepare an Azure Subscription for Import to Guardrails +- [x] Connect an Azure Subscription to Guardrails +- [x] Observe Azure Resource Activity +- [x] Enable Your First Guardrails Policy Pack +- [x] Review Subscription-Wide Governance +- [x] Create a Static Exception to a Guardrails Azure Policy +- [x] Create a Calculated Exception to a Guardrails Azure Policy +- [x] Send an Alert to Email +- [x] Apply a Quick Action +- [x] **Enable Automatic Enforcement** diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/locate-policy-pack.png b/docs/getting-started/getting-started-azure/enable-enforcement/locate-policy-pack.png new file mode 100644 index 00000000..7578b79d Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/locate-policy-pack.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/raw-all-ok-or-skipped.png b/docs/getting-started/getting-started-azure/enable-enforcement/raw-all-ok-or-skipped.png new file mode 100644 index 00000000..e16a9d50 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/raw-all-ok-or-skipped.png differ 
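Review bot: Step 2 links to the GCP series (`/guardrails/docs/getting-started/getting-started-gcp/create-calculated-exception`) even though this is the Azure guide; it should point at `/guardrails/docs/getting-started/getting-started-azure/create-calculated-exception`, the path the create-static-exception guide in this same patch uses. Since Step 4 switches the pack from a check to **Enforce: TLS 1.2**, and the intro says enforcement changes the configuration of live resources, an admonition before Step 4 stating that every storage account in the subscription that is not `Skipped` will be reconfigured would match the `[!NOTE]` style already used in this file. Minor: "*Getting started with Azure series*" italicises "series", whereas the other guides write "*Getting started with Azure* series"; "navigate back to **Controls by State** report" is missing "the"; "In a few minutes all of your storage accounts ... are now either" mixes tenses (suggest "will be"); and the Next Steps link uses `https://hub.guardrails.com` while the index.md in this patch links `https://hub.guardrails.turbot.com/`, so one of the two is likely wrong.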
diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/raw-choose-setting.png b/docs/getting-started/getting-started-azure/enable-enforcement/raw-choose-setting.png new file mode 100644 index 00000000..adad1ade Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/raw-choose-setting.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/raw-edit-policy-setting.png b/docs/getting-started/getting-started-azure/enable-enforcement/raw-edit-policy-setting.png new file mode 100644 index 00000000..700ae064 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/raw-edit-policy-setting.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/raw-locate-policy-pack.png b/docs/getting-started/getting-started-azure/enable-enforcement/raw-locate-policy-pack.png new file mode 100644 index 00000000..88b154c3 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/raw-locate-policy-pack.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/raw-view-policy-setting.png b/docs/getting-started/getting-started-azure/enable-enforcement/raw-view-policy-setting.png new file mode 100644 index 00000000..18c254cb Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/raw-view-policy-setting.png differ diff --git a/docs/getting-started/getting-started-azure/enable-enforcement/view-policy-setting.png b/docs/getting-started/getting-started-azure/enable-enforcement/view-policy-setting.png new file mode 100644 index 00000000..425c22e6 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-enforcement/view-policy-setting.png differ 
diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/attach-1.png b/docs/getting-started/getting-started-azure/enable-policy-pack/attach-1.png new file mode 100644 index 00000000..67ef0d71 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/attach-1.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/attach-2.png b/docs/getting-started/getting-started-azure/enable-policy-pack/attach-2.png new file mode 100644 index 00000000..d8fd2222 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/attach-2.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/filter-1.png b/docs/getting-started/getting-started-azure/enable-policy-pack/filter-1.png new file mode 100644 index 00000000..95d4e4f0 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/filter-1.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/filter-2.png b/docs/getting-started/getting-started-azure/enable-policy-pack/filter-2.png new file mode 100644 index 00000000..a5e41e25 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/filter-2.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/filter-3.png b/docs/getting-started/getting-started-azure/enable-policy-pack/filter-3.png new file mode 100644 index 00000000..56a159cf Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/filter-3.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/index.md b/docs/getting-started/getting-started-azure/enable-policy-pack/index.md new file mode 100644 index 00000000..e7849f94 --- /dev/null +++ b/docs/getting-started/getting-started-azure/enable-policy-pack/index.md 
@@ -0,0 +1,93 @@ +--- +title: Enable Your First Guardrails Policy Pack +sidebar_label: Enable Policy Pack +--- + +# Enable your First Policy Pack + +In this guide, you will learn how to attach a Guardrails [Policy Pack](/guardrails/docs/guides/configuring-guardrails/policy-packs) to enable governance controls. + +This is the fourth guide in the *Getting started with Azure* series. + +## Prerequisites + +- Completion of the previous guides in this series. +- Access to the Guardrails console with administrative privileges. +- Access to the Azure portal with the ability to create and modify storage accounts. + +## Step 1: Check storage account TLS setting in Azure + +Check the properties of the storage account you created in the previous guide ([Observe Azure activity](/guardrails/docs/getting-started/getting-started-azure/observe-azure-activity)). Verify that TLS still set to 1.0 on the test storage account you created. + + + +## Step 2: Filter controls + +You bookmarked the **Controls by State** report in [Connect a Subscription](/guardrails/docs/getting-started/getting-started-azure/connect-subscription), go there now. From the filter bar open the **Type** dropdown and search for `azure storage account tls`. Select the checkbox next to `Azure > Storage > Storage Account > Minimum TLS Version`. + + + + +## Step 3: Find your storage account + +Search for your storage account by typing its name into the search field. It should be in the `Skipped` state, because Guardrails has not been configured to check the TLS version on storage accounts. + + + +## Step 4: Navigate to your account + +Right-click the **Guardrails** logo at the top of the page and open the page in a new browser tab + + + +Click on the **Accounts** sub-tab from the homepage and then select your Azure subscription. + + + +On the subscription resource page, select the **Detail** sub-tab. + + + +## Step 5: Locate the Policy Pack manager + +Select the **MANAGE** next to **Policy Packs** UI widget. 
+ + + +## Step 6: Attach the Policy Pack to your subscription + +In the **Edit policy pack attachments** dialog box, select **Add**. + + + + +Your Guardrails workspace should have the Policy Pack [Enforce Secure TLS Version for Azure Storage Accounts](https://hub.guardrails.turbot.com/policy-packs/azure_storage_enforce_secure_tls_version_for_storage_accounts) pre-installed. + +In the dropdown, select the Policy Pack named `Enforce Secure TLS Version for Azure Storage Accounts`. Then select **Save**. + + + + +## Step 7: Observe policy effect + +Return to your open browser tab (or bookmark) for the **Controls by State** report. Observe that the control state for your test storage account changes from `Skip` to `Alarm`. It is in the `Alarm` state because you downgraded the TLS setting in [Observe Azure Activity](/guardrails/docs/getting-started/getting-started-azure/observe-azure-activity) but the policy requires TLS 1.2. + + + +## Step 8: Review + +In this guide you've attached a Policy Pack to your Azure subscription to check the TLS setting on storage accounts, and observed how the policy affects your storage account's control for Minimum TLS Version. + + +## Progress tracker + +- [x] Prepare an Azure Subscription for Import to Guardrails +- [x] Connect an Azure Subscription to Guardrails +- [x] Observe Azure Resource Activity +- [x] **Enable Your First Guardrails Policy Pack** +- [ ] Review Subscription-Wide Governance +- [ ] Create a Static Exception to a Guardrails Azure Policy +- [ ] Create a Calculated Exception to a Guardrails Azure Policy +- [ ] Send an Alert to Email +- [ ] Apply a Quick Action +- [ ] Enable Automatic Enforcement 
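Review bot: Step 7 says the control state changes "from `Skip` to `Alarm`", but Step 3 in the same hunk (and the other Controls by State guides in this patch) call the state `Skipped`; use `Skipped` so readers can match the text against the report. Also: "Verify that TLS still set to 1.0" is missing "is"; "...in [Connect a Subscription](...), go there now." is a comma splice (suggest a full stop or "and go there now"); the first sentence of Step 4 lacks a terminal period; and "Select the **MANAGE** next to **Policy Packs** UI widget." reads awkwardly, suggest "Select **MANAGE** next to the **Policy Packs** widget."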
diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-2.png b/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-2.png new file mode 100644 index 00000000..0581c7cf Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-2.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-3.png b/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-3.png new file mode 100644 index 00000000..a3ecffd2 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-3.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-4.png b/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-4.png new file mode 100644 index 00000000..316a74d8 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/locate-policy-pack-manage-4.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-attach-1.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-attach-1.png new file mode 100644 index 00000000..4b9894b3 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-attach-1.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-attach-2.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-attach-2.png new file mode 100644 index 00000000..45952e90 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-attach-2.png differ 
diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-filter-1.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-filter-1.png new file mode 100644 index 00000000..69b35986 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-filter-1.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-filter-2.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-filter-2.png new file mode 100644 index 00000000..15ced06b Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-filter-2.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-locate-policy-pack-manage-2.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-locate-policy-pack-manage-2.png new file mode 100644 index 00000000..4e5e69b5 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-locate-policy-pack-manage-2.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-locate-policy-pack-manage-3.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-locate-policy-pack-manage-3.png new file mode 100644 index 00000000..150b2780 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-locate-policy-pack-manage-3.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-storage-account-in-alarm.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-storage-account-in-alarm.png new file mode 100644 index 00000000..0f1a9b76 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-storage-account-in-alarm.png differ 
diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/raw-tls-setting.png b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-tls-setting.png new file mode 100644 index 00000000..64dc6651 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/raw-tls-setting.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/storage-account-in-alarm.png b/docs/getting-started/getting-started-azure/enable-policy-pack/storage-account-in-alarm.png new file mode 100644 index 00000000..19fa7661 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/storage-account-in-alarm.png differ diff --git a/docs/getting-started/getting-started-azure/enable-policy-pack/tls-setting.png b/docs/getting-started/getting-started-azure/enable-policy-pack/tls-setting.png new file mode 100644 index 00000000..10d9b353 Binary files /dev/null and b/docs/getting-started/getting-started-azure/enable-policy-pack/tls-setting.png differ diff --git a/docs/getting-started/getting-started-azure/index.md b/docs/getting-started/getting-started-azure/index.md new file mode 100644 index 00000000..d68197f7 --- /dev/null +++ b/docs/getting-started/getting-started-azure/index.md 
@@ -0,0 +1,21 @@ +--- +title: Getting Started with Azure +sidebar_label: Getting Started with Azure +--- + +# Getting Started with Azure + +This series of guides provides a curated experience to import your first Azure subscription and learn how to use Turbot Guardrails. If you are brand-new to Guardrails, we highly recommend that you walk through the guides in order and follow each step. Once you are familar with the concepts presented here, you can then focus in on a specific use case important to your organization. You can browse our library of use case examples on [The Guardrails Hub](https://hub.guardrails.turbot.com/) + +| Guide | Description +| - | - | +| [Prepare a Subscription](getting-started/getting-started-azure/prepare-subscription) | Prepare a subscription for import into Guardrails. | +| [Connect a Subscription](getting-started/getting-started-azure/connect-subscription) | Import an Azure subscription. | +| [Observe Resource Activity](getting-started/getting-started-azure/observe-azure-activity) | Monitor Azure [resource](/guardrails/docs/reference/glossary#resource) activities. | +| [Enable a Policy Pack](getting-started/getting-started-azure/enable-policy-pack) | Attach a [Policy Pack](/guardrails/docs/concepts/policy-packs) to enforce security and compliance. | +| [Review subscription-Wide Activity](getting-started/getting-started-azure/review-subscription-wide) | Observe the effect of a Policy Pack across your subscription. | +| [Create a Static Exception](getting-started/getting-started-azure/create-static-exception) | Create a static policy exception for a specific resource. 
| +| [Create a Calculated Exception](getting-started/getting-started-azure/create-calculated-exception) | Create a [Calculated Policy](/guardrails/docs/reference/glossary#calculated-policy) that use [CMDB](/guardrails/docs/reference/glossary#cmdb) data, a [GraphQL](/guardrails/docs/reference/glossary#graphql) query, and a Nunjucks template to dynamically generate resource-specific policy values. | +| [Send Alerts](getting-started/getting-started-azure/send-alert-to-email) | Set up Guardrails [notifications](/guardrails/docs/reference/glossary#notifications) to send real-time alerts about events that occur in your cloud infrastructure. | +| [Apply a Quick Action](getting-started/getting-started-azure/apply-quick-action) | Enable users to initiate specific, one-time [Control](/guardrails/docs/reference/glossary#control) enforcements directly from the Guardrails UI. | +| [Enable Enforcement](getting-started/getting-started-azure/enable-enforcement) | Enable enforcement in Guardrails to ensure automatic remediation of policy violations. | \ No newline at end of file diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/create-storage-1.png b/docs/getting-started/getting-started-azure/observe-azure-activity/create-storage-1.png new file mode 100644 index 00000000..3ef8d7a9 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/create-storage-1.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/create-storage-2.png b/docs/getting-started/getting-started-azure/observe-azure-activity/create-storage-2.png new file mode 100644 index 00000000..85f3d0dc Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/create-storage-2.png differ 
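Review bot: The guide links in the table are relative paths (`getting-started/getting-started-azure/prepare-subscription`, and so on) whereas every other page in this patch uses absolute `/guardrails/docs/...` paths; relative links resolve against the current page's URL and are likely to break when the index is rendered under a nested path, so these should be made absolute. The Policy Pack link targets `/guardrails/docs/concepts/policy-packs` while enable-policy-pack/index.md in this patch links `/guardrails/docs/guides/configuring-guardrails/policy-packs` for the same concept; pick one. The table header row `| Guide | Description` is missing its closing `|`. Also: "familar" should be "familiar"; the last sentence of the first paragraph lacks a period; "Review subscription-Wide Activity" should be "Review Subscription-Wide Governance" to match the title used in every progress tracker; "a Calculated Policy that use" should be "that uses"; and the file lacks a trailing newline.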
diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/diff.png b/docs/getting-started/getting-started-azure/observe-azure-activity/diff.png new file mode 100644 index 00000000..06c19ae7 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/diff.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/filter-1.png b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-1.png new file mode 100644 index 00000000..d6bbb7d8 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-1.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/filter-2.png b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-2.png new file mode 100644 index 00000000..08b310f6 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-2.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/filter-3.png b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-3.png new file mode 100644 index 00000000..83893c8a Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-3.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/filter-4.png b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-4.png new file mode 100644 index 00000000..60790b50 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/filter-4.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/index.md b/docs/getting-started/getting-started-azure/observe-azure-activity/index.md new file mode 100644 index 00000000..defe5db1 --- /dev/null +++ b/docs/getting-started/getting-started-azure/observe-azure-activity/index.md 
@@ -0,0 +1,95 @@ +--- +title: Observe Azure Resource Activity +sidebar_label: Observe Resource Activity +--- + +# Observe Azure Resource Activity + +In this guide you will learn how Guardrails detects and reacts to events in your Azure subscription. You will manually create and modify an Azure storage account and explore how to view that activity in the Guardrails console. + +This is the third guide in the *Getting started with Azure* series. + +## Prerequisites + +- Completion of the previous guides in this series. +- Access to the Guardrails console with administrative privileges. +- Console access to an Azure subscription and the ability to create and modify storage accounts. + +> [!NOTE] +> We will use storage account names like `guardrailsazurestorage1` in this guide + +## Step 1: Create an Azure storage account + +Navigate to **Home > Storage accounts**, select **Create**, assign a name, and select **Review + create**. + + + +On the next screen, select **Create**. + + + +## Step 2: Resource Activities report + +Select **Reports** from the top navigation bar. Search for the word "resource" and select **Resource Activities**. + + + +## Step 3: Filter by type + +From the filter bar, expand the **Resource Type** dropdown. + + + +Set the filter to **Azure > Storage > Storage Account**. You can do this by typing `azure storage account` into the search box, as shown here. When you see *Azure > Storage > Storage Account* appear in the list, select the checkbox next to it. + + + +## Step 4: Observe activity + +You can scope the resource activity report to a specific storage account by searching for the name of your storage account. To do this, type its name into the search field. Guardrails will show all notifications related to the storage account. In the screen below, the `RESOURCE CREATED` activity represents Guardrails discovery of the storage account and `RESOURCE UPDATED` indicates that Guardrails has updated the CMDB entry with additional details about it. 
+ + + +## Step 5: Downgrade to TLS 1.0 + +Azure storage accounts default to TLS 1.2. Select the link *Version 1.2* to open the configuration screen. + + + +Choose `TLS 1.0` and select **Save**. + + + +## Step 6: Observe events + +Switch back to the Guardrails console browser tab. Guardrails’ event processing system will detect the change once Azure emits the events and they are processed. A new `RESOURCE UPDATED` notification will then appear in the `Activities` list. Select the new notification from the list. + + + +## Step 7: Audit resource change + +On the notifications detail page, you can see metadata about the change and even audit the changes in configuration between the previous known state and the observed change. Scroll down in the **DIFF** section to observe the changes that Guardrails has recorded. + + + +## Step 8: Review + +In this guide you changed the TLS property of an Azure storage account and observed how Guardrails recorded the change. + +## Next Steps + +Next we’ll explore [how to enable a policy pack](/guardrails/docs/getting-started/getting-started-azure/enable-policy-pack) that requires storage account to use TLS 1.2. + + +## Progress tracker + +- [x] Prepare an Azure Subscription for Import to Guardrails +- [x] Connect an Azure Subscription to Guardrails +- [x] **Observe Azure Resource Activity** +- [ ] Enable Your First Guardrails Policy Pack +- [ ] Review Subscription-Wide Governance +- [ ] Create a Static Exception to a Guardrails Azure Policy +- [ ] Create a Calculated Exception to a Guardrails Azure Policy +- [ ] Send an Alert to Email +- [ ] Apply a Quick Action +- [ ] Enable Automatic Enforcement 
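Review bot: Step 5 walks the reader through downgrading a storage account's minimum TLS version to 1.0 without saying where that is safe to do, and nothing in the guide restores it; the next guide's policy pack only reports on TLS 1.2, and remediation is not switched on until the final "Enable Automatic Enforcement" guide in the tracker, so the weakened account stays weakened for the rest of the series. State up front that this is to be done only on the throwaway account created in Step 1 in a non-production subscription, and either add a cleanup step (set the minimum version back to 1.2 or delete the account) or say explicitly that the later guides will remediate it. Two smaller points: Step 6's "will detect the change once Azure emits the events and they are processed" gives no latency expectation, so say roughly how long to wait before treating a missing `RESOURCE UPDATED` notification as a problem (the AWS guide in this same patch at least says "It takes few mins"); and in "Next Steps", "requires storage account to use TLS 1.2" should read "requires storage accounts to use TLS 1.2".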
diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-create-storage-1.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-create-storage-1.png new file mode 100644 index 00000000..50cbe973 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-create-storage-1.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-create-storage-2.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-create-storage-2.png new file mode 100644 index 00000000..f0ef5b55 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-create-storage-2.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-diff.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-diff.png new file mode 100644 index 00000000..00420fe9 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-diff.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-1.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-1.png new file mode 100644 index 00000000..c931a8d7 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-1.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-2.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-2.png new file mode 100644 index 00000000..b6c4e559 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-2.png differ 
diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-3.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-3.png new file mode 100644 index 00000000..ae7122a8 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-3.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-4.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-4.png new file mode 100644 index 00000000..e58b4040 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-filter-4.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-tls-1.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-tls-1.png new file mode 100644 index 00000000..5e0a1393 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-tls-1.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/raw-tls-2.png b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-tls-2.png new file mode 100644 index 00000000..76afa320 Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/raw-tls-2.png differ diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/tls-1.png b/docs/getting-started/getting-started-azure/observe-azure-activity/tls-1.png new file mode 100644 index 00000000..2da6775e Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/tls-1.png differ 
diff --git a/docs/getting-started/getting-started-azure/observe-azure-activity/tls-2.png b/docs/getting-started/getting-started-azure/observe-azure-activity/tls-2.png new file mode 100644 index 00000000..283f5fbf Binary files /dev/null and b/docs/getting-started/getting-started-azure/observe-azure-activity/tls-2.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-1.png b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-1.png new file mode 100644 index 00000000..99259041 Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-1.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-2.png b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-2.png new file mode 100644 index 00000000..0142072f Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-2.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-3.png b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-3.png new file mode 100644 index 00000000..7542bd0b Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-3.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-4.png b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-4.png new file mode 100644 index 00000000..0a8a03c9 Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-4.png differ 
diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-5.png b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-5.png new file mode 100644 index 00000000..eeb2ed2c Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/assign-role-5.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-1.png b/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-1.png new file mode 100644 index 00000000..1a251b9e Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-1.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-2.png b/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-2.png new file mode 100644 index 00000000..6413c82e Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-2.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-3.png b/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-3.png new file mode 100644 index 00000000..beb76ddb Binary files /dev/null and b/docs/getting-started/getting-started-azure/prepare-subscription/cloudshell-3.png differ diff --git a/docs/getting-started/getting-started-azure/prepare-subscription/index.md b/docs/getting-started/getting-started-azure/prepare-subscription/index.md new file mode 100644 index 00000000..d214e035 --- /dev/null +++ b/docs/getting-started/getting-started-azure/prepare-subscription/index.md 
@@ -0,0 +1,154 @@ +--- +title: Prepare an Azure Subscription for Import to Guardrails +sidebar_label: Prepare an Azure Subscription +--- + +# Prepare an Azure Subscription for Import to Guardrails + +In this guide you will prepare an Azure subscription to be imported into Guardrails. You will deploy a role with the minimal permissions needed for Guardrails to discover and monitor resources in your subscription. + +This is the first guide in the *Getting started with Azure* series. + +## Prerequisites + +Access to the Turbot Guardrails console with admin privilege. + +An Azure subscription to import into Guardrails. + +## Step 1: Locate app registrations + +Select **App registrations**. + + + +## Step 2: Begin new registration + +Select **New registration**. + + + +## Step 3: Register the app + +Name the application. The name ought to be recognizable as a Guardrails registration and relevant to the subscription to be imported. Turbot recommends the naming convention `Guardrails - {Name of the subscription}`. The Redirect URI is optional. The Guardrails integration doesn’t use the redirect URL as a part of authentication. If you would like to include your Guardrails workspace hostname, this is a handy reference location. + +Select **Register**. + + + +## Step 4: Capture details + +Capture the Application (client) ID and Directory (tenant) IDs, you will need them later. Select the linked name of your subscription. + + + +## Step 5: Locate certificates & secrets. + +Select **Certificates & secrets**. + + + +## Step 6: Create secret + +Select **Create new secret**, write a description, and select **Add**. + + + +## Step 7: Launch cloud shell + +Capture the Value of the secret (not the Secret ID) for use later. + +Select the cloud shell icon. + + + +## Step 8: Create a ReadOnly role + +In the cloudshell, launch a text editor (e.g. `nano guardrails_reader_role.json`) and paste this JSON code, swapping in your subscription ID. 
(If needed you can use `az account show --query id --output tsv` to print the ID.) + +> [!NOTE] +> You can use vim instead of nano + +```json +{ + "name": "guardrails_reader", + "description": "Basic Permissions needed for Guardrails Reader access", + "actions": [ + "*/read", + "Microsoft.Storage/storageAccounts/listkeys/action", + "Microsoft.KeyVault/vaults/secrets/read", + "Microsoft.KeyVault/vaults/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [], + "assignableScopes": [ + "/subscriptions/<
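Review bot: the role in Step 8 is titled "ReadOnly" and named `guardrails_reader`, but its `actions` include `Microsoft.Storage/storageAccounts/listkeys/action`, which returns the storage account access keys and therefore gives the holder full data-plane read and write on every storage account in the `assignableScopes` subscription; that is not read-only, and the description "Basic Permissions needed for Guardrails Reader access" understates it. Either explain which Guardrails features need `listkeys` so readers can omit it when they do not use them, or move it out of the minimal role and into a separate, clearly labelled step. In the same block, `Microsoft.KeyVault/vaults/secrets/read` and `Microsoft.KeyVault/vaults/read` are already matched by `*/read` (they are control-plane metadata reads, not secret values), so either drop them or add a comment saying they are listed for clarity. Steps 6 and 7 have the reader create and copy a client secret with no handling guidance: say which expiry to choose (the secret will expire and need rotating, which the guide never mentions) and that the captured value should go into a secret manager, not a notes file, since the tenant ID, client ID and this value together are a credential for the role above. Smaller points: Step 4's "Capture the Application (client) ID and Directory (tenant) IDs, you will need them later." is a comma splice, and the following "Select the linked name of your subscription." is unclear on the app registration overview page; the Step 5 heading ends with a stray period; and the Prerequisites here are bare paragraphs while the other new guide in this patch uses a bullet list.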