From a29098591d442b5986dcf8f8590529947fdbab33 Mon Sep 17 00:00:00 2001 From: Jan Egil Ring Date: Tue, 10 Mar 2026 09:30:11 +0100 Subject: [PATCH 1/3] update tag assignment instructions for data classification policy Signed-off-by: Jan Egil Ring --- .../walkthrough/challenge-01/solution-01.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md b/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md index ad162f0ab..5f75bdc23 100644 --- a/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md +++ b/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md @@ -192,10 +192,10 @@ This policy requires that resources have a specific tag with a specific value. 1. Navigate to **Policy** > **Assignments** 2. Click **Assign policy** -3. Search for "Require a tag and its value" +3. Search for "Require a tag and its value on resources" 4. Configure: - **Scope**: Your resource group - - **Assignment name**: "Require Data Classification Tag" + - **Assignment name**: "labuser-xx - Require Data Classification Tag" (replace xx with your labuser value) - **Parameters**: - **Tag name**: `DataClassification` - **Tag value**: `Sovereign` From 38a3a346c3f80af1a59482ac13f67ad37a4357f6 Mon Sep 17 00:00:00 2001 From: Jan Egil Ring Date: Tue, 10 Mar 2026 09:34:49 +0100 Subject: [PATCH 2/3] update assignment name for blocking public IP addresses in Azure Policy instructions Signed-off-by: Jan Egil Ring --- .../01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md b/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md index 5f75bdc23..d32cc33ff 100644 --- a/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md +++ b/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md @@ -274,7 +274,7 @@ Azure provides several policies to control public network access: 3. Search for "Not allowed resource types" 4. Configure: - **Scope**: Your resource group (e.g., `labuser-01`). **Do NOT select the subscription.** - - **Assignment name**: "Block Public IP Addresses" + - **Assignment name**: "labuser-xx - Block Public IP Addresses" (replace xx with your labuser value) - **Parameters**: - **Not allowed resource types**: Select `Microsoft.Network/publicIPAddresses` 5. Click **Review + create** and **Create** From 9482eecff6708df31024b18ec424a480adfe93e9 Mon Sep 17 00:00:00 2001 From: Jan Egil Ring Date: Tue, 10 Mar 2026 18:07:10 +0100 Subject: [PATCH 3/3] update policy assignment scope to target specific resource group Signed-off-by: Jan Egil Ring --- .../01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md b/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md index d32cc33ff..9f7f5162d 100644 --- a/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md +++ b/03-Azure/01-03-Infrastructure/01_Sovereign_Cloud/walkthrough/challenge-01/solution-01.md @@ -820,7 +820,7 @@ TAG_INHERIT_POLICY="cd3aa116-8754-49c9-a813-ad46512ece54" az policy assignment create \ --name "${ATTENDEE_ID}-inherit-dataclassification-tag" \ --display-name "${DISPLAY_PREFIX} - Inherit DataClassification Tag from RG" \ - --scope "/subscriptions/$SUBSCRIPTION_ID" \ + --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP" \ --policy "$TAG_INHERIT_POLICY" \ --params '{ "tagName": {