1.2 azure policy
management groups
containers for managing access, policies, and compliance
A single role-based access control (RBAC) assignment on the management group grants that access to all the subscriptions.
Root management group
all existing subscriptions in the Azure AD organization are made children of the root management group.
Any Azure AD user in the organization can create a management group.
The creator is given an Owner role assignment.
When new subscriptions are created, they are automatically added to the root management group.
Azure Blueprints
define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements.
- Create an Azure Blueprint
- Assign the blueprint
- Track the blueprint assignments
- blueprint definition (what should be deployed)
- blueprint assignment (what was deployed)
Everything that you want to include for deployment in Blueprints can be accomplished with a Resource Manager template.
But a Resource Manager template is a document that doesn't exist natively in Azure.
Compliance Manager
- Microsoft Privacy Statement
what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
how Microsoft implements and supports security, privacy, compliance, and transparency
workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft
- Detailed information provided by Microsoft to auditors and regulators
- Information that Microsoft compiles internally for its compliance with regulations (GDPR)
- organization's self-assessment of their own compliance with these standards and regulations.
Monitor
collecting, analyzing, and acting on telemetry from your cloud and on-premises environments
- Application monitoring data
- Guest OS monitoring data
- Azure resource monitoring data
- Azure subscription monitoring data
- Azure tenant monitoring data
- Azure Status: health state of Azure services
- Service Health: ongoing service issues, upcoming planned maintenance
- Resource Health: when an Azure service issue affects your resources
effect
- Deny
The resource creation/update fails due to policy.
- Disabled
The policy rule is ignored (disabled).
- Append
Adds additional parameters/fields to the requested resource during creation or update. A common example is adding tags.
- Audit, AuditIfNotExists
Creates a warning event.
- DeployIfNotExists
Executes a template deployment when a specific condition is met.
- Create a policy definition
- Assign a definition to a scope of resources
- View policy evaluation results