Differences

This shows you the differences between two versions of the page.

--- azure:az-500:enterprise_governance [2022/06/26 15:34] – [Azure Blueprints] mmuze
+++ azure:az-500:enterprise_governance [2022/07/23 00:13] (current) – mmuze
@@ Line 12: / Line 12: @@
 {{:azure:az-500:rbac-scope.png|}}
-===== Management Groups =====
+====== Management Groups ======
 //Management groups provide a governance scope above subscriptions.//
   * [[https://docs.microsoft.com/en-us/learn/modules/enterprise-governance/4-azure-hierarchy]]
@@ Line 44: / Line 44: @@
   * To add tags to resources that need for tracking purposes
-===== RBAC =====
+===== Policy Responses =====
+  * Deny the resource change
+  *Log the change to the resource
+  * Alter the resource before the change
+  * Alter the resource after the change
+  * Deploy related compliant resources
+===== RBAC Permissions for Azure Policy =====
+  * [[https://docs.microsoft.com/en-us/azure/governance/policy/overview#azure-rbac-permissions-in-azure-policy]]
+====== RBAC ======
 > RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.
@@ Line 70: / Line 81: @@
   * **Resource Locks** are an additional layer of protection for resources above what is provided by RBAC roles. It can be used to prevent resources from being changed or deleted.
-===== Azure Blueprints =====
+====== Azure Blueprints ======
 Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
@@ Line 82: / Line 93: @@
   * [[https://docs.microsoft.com/en-us/azure/governance/blueprints/overview]]
   * A **Blueprint** can consist of zero or more ARM templates.
+  * With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments.
 ==== Modes ====
-  Blueprints can be