Mod 15 - Describe features and tools in Azure for governance and compliance Flashcards
Azure Blueprints
lets you standardize cloud subscription or environment deployments.
Instead of having to configure features like Azure Policy for each new subscription, with Azure Blueprints you can define repeatable settings and policies that are applied as new subscriptions are created. won’t prevent an out-of-police resource creation.
3 Attributes of blueprints
- Azure Blueprints are version-able, allowing you to create an initial configuration and then make updates later on and assign a new version to the update
- You can specify a parameter’s value when you create the blueprint definition or when you assign the blueprint definition to a scope
- With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved
Artifact
a component in the blueprint definition. Ex. Allowed Locations or Deploy threat detection
can also contain one or more parameters that you can configure
2 Types of Resource Locks
- Delete means authorized users can still read and modify a resource, but they can’t delete the resource.
- ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
How do I manage resource locks?
To view, add, or delete locks in the Azure portal, go to the Settings section of any resource’s Settings pane in the Azure portal.
How do I delete or change a locked resource?
To modify a locked resource, you must first remove the lock. After you remove the lock, you can apply any action you have permissions to perform
Describe the purpose of the Service Trust portal
a portal that provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices.
https://servicetrust.microsoft.com/
