Module 3 - Governance Methodologies, Monitoring & Reporting
Azure Policy
- Assign a definition to a scope of resources
A policy assignment is a policy definition that has been assigned to take place within a specific scope. This scope could range from a management group to a resource group.
Policy assignments are inherited by all child resources. This means that if a policy is applied to a resource group, it is applied to all the resources within that resource group. However, you can exclude a subscope from the policy assignment.
- Review the policy evaluation results
When a condition is evaluated against your existing resources, it is marked compliant or non-compliant. You can review the non-compliant policy results and take any action that is needed.
- Create a Policy Definition
Allowed Storage Account SKUs. This policy definition has a set of conditions/rules that determine whether a storage account that is being deployed is within a set of SKU sizes. Its effect is to deny all storage accounts that do not adhere to the set of defined SKU sizes.
Allowed Resource Type. This policy definition has a set of conditions/rules to specify the resource types that your organization can deploy. Its effect is to deny all resources that are not part of this defined list.
Allowed Locations. This policy enables you to restrict the locations that your organization can specify when deploying resources. Its effect is used to enforce your geographic compliance requirements.
Allowed Virtual Machine SKUs. This policy enables you to specify a set of VM SKUs that your organization can deploy.
Policy Initiatives
Initiative Definitions - a set of policy definitions to help track your compliance state for a larger goal.
Initiative Assignments - an initiative definition assigned to a specific scope. Initiative assignments reduce the need to make several initiative definitions for each scope. This scope could also range from a management group to a resource group.
Resource Locks
CanNotDelete means authorized admins can still read and modify a resource, but they can't delete the resource.
ReadOnly means authorized admins can read a resource, but they can't delete or update the resource.
Resource locks prevent accidental deletion or modification of your Azure resources. You can manage these locks from within the Azure portal.
Tags
Apply tags to your Azure resources, giving metadata to logically organize them into a taxonomy. Each tag consists of a name and a value pair.
Azure Blueprints
A declarative way to orchestrate the deployment of various resource templates and other artifacts, such as:
-
-
-
-
Azure Monitor
Application monitoring data: Data about the performance and functionality of the code you have written, regardless of its platform.
Guest OS monitoring data: Data about the operating system on which your application is running. This could be running in Azure, another cloud, or on-premises.
Azure subscription monitoring data: Data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself.
Azure tenant monitoring data: Data about the operation of tenant-level Azure services, such as Azure Active Directory.
Azure Service Health
A suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can
-
Service Health provides you with a customizable dashboard that tracks the state of your Azure services in the regions where you use them.
Resource Health helps you diagnose and obtain support when an Azure service issue affects your resources. It provides you with details about the current and past state of your resources. It also provides technical support