Governance and management in Azure services Flashcards
is an Azure service you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements.
Azure Policy
How are Azure Policy and RBAC different?
RBAC focuses on user actions at different scopes.
Azure Policy focuses on resource properties during deployment and for already-existing resources.
A component of an Azure Policy that expresses what to evaluate and what action to take.
Policy Definition (Azure Policy)
is a policy definition that has been assigned to take place within a specific scope.
This scope could range from a full subscription down to a resource group.
Policy Assignment (Azure Policy)
Requests to create or update a resource through Azure Resource Manager are evaluated by Azure Policy first. Azure Policy will take a specific action based on the assigned effect.
- Deny
- Disabled
- Append
- Audit
Policy Effect (Azure Policy)
is a set or group of policy definitions to help track your compliance state for a larger goal.
initiative definition (Azure Policy)
is an initiative definition assigned to a specific scope.
initiative assignment (Azure Policy)
Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions.
Azure Management
enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.
is a declarative way to orchestrate the deployment of various resource templates and other artifacts, such as:
- Role assignments
- Policy assignments
- Azure Resource Manager templates
- Resource groups
Azure Blueprints
Azure Blueprints - Note1
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved deployment tracking and auditing.
The Azure Blueprints service is backed by the globally distributed Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions. This replication provides low latency, high availability, and consistent access to your blueprint objects, regardless of which region Blueprints deploys your resources to.
ARM Template vs. Blueprints
A Resource Manager template is a document that doesn’t exist natively in Azure – each is stored either locally or in source control. The template gets used for deployments of one or more Azure resources, but once those resources deploy there’s no active connection or relationship to the template.
With Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.
explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
Microsoft Privacy Statement
is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
Microsoft Trust Center
hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.
Service Trust Portal (STP)
is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.
Compliance Manager
Compliance Manager - NOTE
Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature and recommendations for improvement. The Customer Actions provided in Compliance Manager are recommendations only; it is up to each organization to evaluate the effectiveness of these recommendations in their respective regulatory environment prior to implementation. Recommendations found in Compliance Manager should not be interpreted as a guarantee of compliance.
maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
Azure Monitor
Data about the performance and functionality of the code you have written, regardless of its platform.
Azure Monitor - Application monitoring data
Data about the operating system on which your application is running. This could be running in Azure, another cloud, or on-premises.
Azure Monitor - Guest OS monitoring data
Data about the operation of an Azure resource.
Azure Monitor - Azure resource monitoring data
Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself.
Azure Monitor - Azure subscription monitoring data
Data about the operation of tenant-level Azure services, such as Azure Active Directory.
Azure Monitor - Azure tenant monitoring data
extend the data you’re collecting into the actual operation of the resources by enabling diagnostics and adding an agent to compute resources. Under the resource settings you can enable Diagnostics:
- Enable guest-level monitoring
- Performance counters: collect performance data
- Event Logs: enable various event logs
- Crash Dumps: enable or disable
- Sinks: send your diagnostic data to other services for more analysis
- Agent: configure agent settings
Diagnostic settings
service that monitors the availability, performance, and usage of your web applications, whether they’re hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application’s operations.
Application Insights
is a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes).
Azure Monitor for VMs
Azure Monitor uses Autoscale to ensure that you have the right amount of resources running to manage the load on your application effectively. Autoscale enables you to create rules that use metrics, collected by Azure Monitor, to determine when to automatically add resources to handle increases in load. Autoscale can also help reduce your Azure costs by removing resources that are not being used.
Azure Monitor AutoScale
is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved.
Azure Service Health