Azure Governance Features Flashcards

1
Q

Role-based access control

A

Create roles that represent the common tasks of the, assign granular permission on that role and assign users to those roles. Do not assign granular permissions to each individuals.
Predefined roles: Reader (can access but not modify it), Contributor (full permissions to the app), Owner (can grant and revoke access).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Locks

A

Putting locks on resources protects them from accidents and normally it’s needed to deny the users to delete those locks, so they have access to the resource but can’t delete created locks. Its one more way of enforcing authorization on resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Tags

A

Gives the ability to give metadata as you’re creating a resource so you can modify that as well. Its extra information you can add to the resource. Examples: Helps with billing and support machines so you know what’s being billed from each budget; Name/Email of the person in charge for the resource

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Azure Policy - Governance

A

Group of people that set the rules and policies of the company. In Azure you may have certain policies your company wants to enforce. Create rules across all of your Azure resources. Evaluate compliance to those rules.

Its even possible to create your own policies and more custom rules and you can check the compliance level of those policies in dashboards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Examples of built-in policies:

A
  • Restrict some resource types;
  • Restrict creating resources in some regions;
  • Restrict some VM to be created (some expensive ones for example);
  • Enforce the usage of some tags in every resource or set default tags;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Azure Blueprints

A

Set of templates you can create with roles and policies already predefined. Every time you create a new subscription you can create it from a blueprint, so instead of starting empty they start with a template full of existing setting.

You can create a blueprint from blank and set your own definitions or start from a predefined one, sometimes country specific with rule that apply to a certain country. You have to save a blueprint in a management group or subscription. Then you add artifacts to the blueprint and you have to choose a artifact type (policy assignment, role assignment, azure resource manager template, resource group) and then choose what you want to set in each artifact type you choose.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly