Differences

This shows you the differences between two versions of the page.

--- azure:az-500:enterprise_governance [2022/06/26 15:36] – [Azure Blueprints] mmuze
+++ azure:az-500:enterprise_governance [2022/07/23 00:13] (current) – mmuze
@@ Line 12: / Line 12: @@
 {{:azure:az-500:rbac-scope.png|}}
-===== Management Groups =====
+====== Management Groups ======
 //Management groups provide a governance scope above subscriptions.//
   * [[https://docs.microsoft.com/en-us/learn/modules/enterprise-governance/4-azure-hierarchy]]
@@ Line 44: / Line 44: @@
   * To add tags to resources that need for tracking purposes
-===== RBAC =====
+===== Policy Responses =====
+  * Deny the resource change
+  *Log the change to the resource
+  * Alter the resource before the change
+  * Alter the resource after the change
+  * Deploy related compliant resources
+===== RBAC Permissions for Azure Policy =====
+  * [[https://docs.microsoft.com/en-us/azure/governance/policy/overview#azure-rbac-permissions-in-azure-policy]]
+====== RBAC ======
 > RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.
@@ Line 70: / Line 81: @@
   * **Resource Locks** are an additional layer of protection for resources above what is provided by RBAC roles. It can be used to prevent resources from being changed or deleted.
-===== Azure Blueprints =====
+====== Azure Blueprints ======
 Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:
@@ Line 85: / Line 96: @@
 ==== Modes ====
-  Blueprints can be