governance and management in Azure services

Question 1

is an Azure service you use to create, assign and, manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements.

Answer 1

Azure Policy

Question 2

How are Azure Policy and RBAC different

Answer 2

RBAC focuses on user actions at different scopes.

Azure Policy focuses on resource properties during deployment and for already-existing resources.

Question 3

A component of a Azure Policy that, expresses what to evaluate and what action to take.

Answer 3

Policy Definition (Azure Policy)

Question 4

is a policy definition that has been assigned to take place within a specific scope.

This scope could range from a full subscription down to a resource group.

Answer 4

Policy Assignment (Azure Policy)

Question 5

Requests to create or update a resource through Azure Resource Manager are evaluated by Azure Policy first. Azure Policy will take a specific action based on the assigned effect.

• Deny
• Disabled
• Append
• Audit

Answer 5

Policy Effect (Azure Policy)

Question 6

is a set or group of policy definitions to help track your compliance state for a larger goal.

Answer 6

initiative definition (Azure Policy)

Question 7

is an initiative definition assigned to a specific scope.

Answer 7

initiative assignment (Azure Policy)

Question 8

Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions.

Answer 8

Azure Management

Question 9

enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.

is a declarative way to orchestrate the deployment of various resource templates and other artifacts, such as:

• Role assignments
• Policy assignments
• Azure Resource Manager templates
• Resource groups

Answer 9

Azure Blueprints

Question 10

Azure Blueprints - Note1

Answer 10

With Azure Blueprint, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved deployment tracking and auditing.

The Azure Blueprints service is backed by the globally distributed Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions. This replication provides low latency, high availability, and consistent access to your blueprint objects, regardless of which region Blueprints deploys your resources to.

Question 11

ARM Template vs. Blueprints

Answer 11

a Resource Manager template is a document that doesn’t exist natively in Azure – each is stored either locally or in source control. The template gets used for deployments of one or more Azure resources, but once those resources deploy there’s no active connection or relationship to the template.

With Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.

Question 12

explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Answer 12

Microsoft Privacy Statement

Question 13

is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.

Answer 13

Microsoft Trust Center

Question 14

hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services.

Answer 14

Service Trust Portal (STP)

Question 15

is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.

Answer 15

Compliance Manager

Question 16

Compliance Manager - NOTE

Answer 16

Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature and recommendations for improvement. The Customer Actions provided in Compliance Manager are recommendations only; it is up to each organization to evaluate the effectiveness of these recommendations in their respective regulatory environment prior to implementation. Recommendations found in Compliance Manager should not be interpreted as a guarantee of compliance.

Question 17

maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

Answer 17

Azure Monitor

Question 18

Data about the performance and functionality of the code you have written, regardless of its platform.

Answer 18

Azure Monitor - Application monitoring data

Question 19

Data about the operating system on which your application is running. This could be running in Azure, another cloud, or on-premises.

Answer 19

Azure Monitor - Guest OS monitoring data

Question 20

Data about the operation of an Azure resource.

Answer 20

Azure Monitor - Azure resource monitoring data

Question 21

Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself.

Answer 21

Azure Monitor - Azure subscription monitoring data

Question 22

Data about the operation of tenant-level Azure services, such as Azure Active Directory.

Answer 22

Azure Monitor - Azure tenant monitoring data

Question 23

extend the data you’re collecting into the actual operation of the resources by enabling diagnostics and adding an agent to compute resources. Under the resource settings you can enable Diagnostics

• Enable guest-level monitoring
• Performance counters: collect performance data
• Event Logs: enable various event logs
• Crash Dumps: enable or disable
• Sinks: send your diagnostic data to other services for more analysis
• Agent: configure agent settings

Answer 23

Diagnostic settings

Question 24

service that monitors the availability, performance, and usage of your web applications, whether they’re hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application’s operations.

Answer 24

Application Insights

Question 25

is a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes).

Answer 25

Azure Monitor for VMs

Question 26

Azure Monitor uses Autoscale to ensure that you have the right amount of resources running to manage the load on your application effectively. Autoscale enables you to create rules that use metrics, collected by Azure Monitor, to determine when to automatically add resources to handle increases in load. Autoscale can also help reduce your Azure costs by removing resources that are not being used.

Answer 26

Azure Monitor AutoScale

Question 27

is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved.

Answer 27

Azure Service Health