Differences
This shows you the differences between two versions of the page.
| azure:az-500:enterprise_governance [2022/06/26 15:01] – [Azure Policy] mmuze | azure:az-500:enterprise_governance [2022/07/23 00:13] (current) – mmuze | ||
|---|---|---|---|
| Line 12: | Line 12: | ||
| {{: | {{: | ||
| - | ===== Management Groups ===== | + | ====== Management Groups |
| // | // | ||
| * [[https:// | * [[https:// | ||
| Line 25: | Line 25: | ||
| ====== Azure Policy ====== | ====== Azure Policy ====== | ||
| > Azure Policy is a service you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements. | > Azure Policy is a service you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements. | ||
| + | |||
| + | * [[https:// | ||
| * Azure Policy is a free service | * Azure Policy is a free service | ||
| Line 42: | Line 44: | ||
| * To add tags to resources that need for tracking purposes | * To add tags to resources that need for tracking purposes | ||
| - | ===== RBAC ===== | + | ===== Policy Responses ===== |
| + | * Deny the resource change | ||
| + | *Log the change to the resource | ||
| + | * Alter the resource before the change | ||
| + | * Alter the resource after the change | ||
| + | * Deploy related compliant resources | ||
| + | |||
| + | ===== RBAC Permissions for Azure Policy ===== | ||
| + | * [[https:// | ||
| + | |||
| + | |||
| + | ====== RBAC ====== | ||
| > RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. | > RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. | ||
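Review bot: The second item under "Policy Responses", "*Log the change to the resource", is missing the space after the asterisk that the other four items have, so it should read "* Log the change to the resource" to match its siblings. The new "RBAC Permissions for Azure Policy" section holds only a link, so a one-line summary of which permissions are needed to create and assign policies would let the section stand on its own. The unchanged line above the hunk, "To add tags to resources that need for tracking purposes", also reads as if a word is missing and could be fixed in the same edit.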
| Line 68: | Line 81: | ||
| * **Resource Locks** are an additional layer of protection for resources above what is provided by RBAC roles. It can be used to prevent resources from being changed or deleted. | * **Resource Locks** are an additional layer of protection for resources above what is provided by RBAC roles. It can be used to prevent resources from being changed or deleted. | ||
| - | ===== Azure Blueprints ===== | + | ====== Azure Blueprints ====== |
| + | |||
| + | Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as: | ||
| + | * Role Assignments | ||
| + | * Policy Assignments | ||
| + | * Azure Resource Manager templates (ARM templates) | ||
| + | * Resource Groups | ||
| Azure Blueprints seem analogous to AWS CloudFormation templates. They are like ARM templates, but the template and it's relationship/ | Azure Blueprints seem analogous to AWS CloudFormation templates. They are like ARM templates, but the template and it's relationship/ | ||
| * [[https:// | * [[https:// | ||
| + | * [[https:// | ||
| * A **Blueprint** can consist of zero or more ARM templates. | * A **Blueprint** can consist of zero or more ARM templates. | ||
| + | * With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. | ||
| + | ==== Modes ==== | ||
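Review bot: The new "==== Modes ====" heading closes the hunk with nothing under it, and it sits two levels below "====== Azure Blueprints ======" now that the parent was promoted, so either use "===== Modes =====" and add the content, or leave the heading out until the section is written. The added bullet about the relationship between the blueprint definition and the blueprint assignment appears to cover the same ground as the existing paragraph beginning "Azure Blueprints seem analogous to AWS CloudFormation templates", so consider merging the two. That paragraph also has "it's relationship" where "its relationship" is meant.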