Azure Policy Flashcards
NB: Azure Policy
Azure Policy is an Azure service you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements.
How are Azure Policy and RBAC different?
RBAC focuses on user actions at different scopes.
Azure Policy controls properties such as the types or locations of resources.
Policy assignment
A policy assignment is a policy definition that has been assigned to take place within a specific scope.
Each policy definition in Azure Policy has a single effect.
Deny - The resource creation/update fails due to policy.
Disabled - The policy rule is ignored (disabled). Often used for testing.
Append - Adds additional parameters/fields to the requested resource during creation or update. A common example is adding tags on resources such as Cost Center or specifying allowed IPs for a storage resource.
Audit, AuditIfNotExists - Creates a warning event in the activity log when evaluating a non-compliant resource, but it doesn’t stop the request.
DeployIfNotExists - Executes a template deployment when a specific condition is met. For example, if SQL encryption is enabled on a database, it can run a template after the database is created to configure it in a specific way.
NB: Azure Blueprints
Enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements.
Azure Blueprints is a declarative way to orchestrate the deployment of various resource templates and other artifacts, such as:
Role assignments
Policy assignments
Azure Resource Manager templates
Resource groups
The process of implementing Azure Blueprints consists of the following high-level steps:
Create an Azure Blueprint
Assign the blueprint
Track the blueprint assignments
NB: Microsoft Privacy Statement
Explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
NB: What is the Microsoft Trust Center?
Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
It also provides support and resources for the legal and compliance community.
NB: What is the Service Trust Portal?
Hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft's cloud services.
NB: Compliance Manager
A workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities.
NB: Azure Monitor
Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Activity logs and metrics
Activity Logs record when resources are created or modified, and Metrics tell you how the resource is performing and the resources that it's consuming.
Application Insights
Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they’re hosted in the cloud or on-premises.
Integrates with DevOps
Leverages the Log Analytics data analysis platform
Can diagnose errors without waiting for a user to report them
Azure Monitor for containers
A service designed to monitor the performance of container workloads deployed to managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS).
It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected.
Azure Monitor for VMs
A service that monitors your Azure VMs at scale by analyzing the performance and health of your Windows and Linux VMs, including their processes, their dependencies on other resources, and external processes.