Subscriptions & Governance

Question 1

What does an account represent?

Answer 1

A person or a program
App = managed identity (□ a program or service)
□ An account can be a owner of multiple tenants

Question 2

What is a tenant?

Answer 2

A representation of an organization

Usually associated with a domain name

Question 3

How many tenants must an account be associated with?

Answer 3

Every Azure Account is a part of at least one tenant

Question 4

Does every tenant have a subscription?

Answer 4

No, simply means the tenant cannot create resources.

Question 5

What is a resource group?

Answer 5

A way of organizing a group of resources
□ A resource can only be a part of a single resource group
□ Deleting a resource group deletes all resources in them

Question 6

Can you move a subscription from one tenant/directory to another?

Answer 6

Yes

Question 7

What is cost anomoly notification?

Answer 7

A notification that detects when a new charge occurs.
A new charge is defined as a new charge that was not the day before OR
§ Charges that were there but have stopped OR
§ Or charges that have significantly changed.

Question 8

What are azure advisor recommendations?

Answer 8

This is something that Microsoft offers recommendations for how you can save money on things.
§ Examples: reservations that you paid for but are not using, low cpu usage on vms, etc.

Question 9

What is a resource lock? and what are the two types of locks?

Answer 9

Lock type
□ Delete = can be modified, but not deleted
□ Read only= nothing can be changed

Question 10

What is Azure Policy? and what is an example?

Answer 10

Azure Policy helps to enforce organizational standards and to assess compliance at-scale
Example: storage accounts keys should not be expired

Question 11

What format are Azure Policies stored in?

Answer 11

JSON

Question 12

What are the two enforcement options for azure policy?

Answer 12

Enabled = outright deny creation, effect=deny
Disabled = Reports about compliance, effect=audit

Question 13

What is a filter with respect to azure policy?

Answer 13

You can filter out policies only on certain regions, resources, etc

Question 14

Do new azure policies effect existing resources?

Answer 14

No. New policies don’t affect any previously created resources, they just get reported that they are out of
compliance

Question 15

How can you determine if a resource is compliant with all azure policies? What will azure provide if it is not?

Answer 15

For any resource/resource group you can look at the “compliance” tab which outlines if your resources/rg is compliant with policies
○ Remediation = something you can do to get your resources to be compliant with your policies

Question 16

Can you move a resource to a different resource group in another subscription and region?

Answer 16

Yes! So long as the resources are available in that region

Question 17

Why would you want multiple subscriptions?

Answer 17

Multiple payment methods/payers

Sometimes project separation/business unit, etc