Module 2
Azure Locks
Azure Free Training
Azure Governance Model
By Hicham KADIRI
January 20, 2018
A K&K Group Company
Contoso Ltd.
About me
Microsoft MVP
• Windows Expert-IT Pro (2014-2015)
• Cloud and Datacenter Management (2016)
• Enterprise Mobility /RDS (2017)
• CDCM /Azure (2018)
Founder
@BecomeITExpert.com
Co-Founder
@K&K Group
Think {Cloud /DevOps /Security}
IT Author (+10 eBooks)
• RDS 2012 R2 and 2016 Pocket Consultant
• RDS & OS Security & Hardening guide
• Azure CLI 2.0 Pocket Consultant
• GPO, PowerShell, AppLocker …
Lead Cloud Architect /Az Expert
• Working for several large companies and international groups, including Thales, Areva, Rabobank, Gemalto, Vinci, CE, BP, etc.
IT Blogger
• hichamkadiri.wordpress.com
• AskTheCloudExpert.wordpress.com
• ~2 million views ☺
/hicham_kadiri
/in/hichamkadiri
TechNet Contributor (Top 0,5%)
• MTFC (Microsoft Technical French Contributor)
• MCC (Microsoft Community Contributor)
Hicham KADIRI (aka #HK)
Document Objectives
• Reminder about Azure Governance
• Explain the importance of Locks in the Microsoft Azure environment
• Key items you should know
• Azure Locks vs Azure RBAC
• Required rights for Azure Locks
• Azure GUI & CLI tools you can use to create and apply Azure Locks
• DEMO: how to lock your Azure Subscriptions, RG and Resources
Reminder about
Azure Governance
#HK
Azure Locks
Why are they important?
Microsoft Azure Locks
What are they and why are they important?
• Azure Locks are an amazing way to protect your subscriptions, resource groups and Azure resources.
• They ensure that what we have implemented is not changed or, worse, accidentally deleted.
Important Note
Azure Locks do not replace Azure RBAC. See the “Azure Locks vs Azure RBAC” slide.
Azure Locks
Key items you should know
Microsoft Azure Locks
What You Should Know : Lockable Objects
• You can lock:
  • Subscription
  • Resource Group
  • Resource
Microsoft Azure Locks
What You Should Know : Lock Types
• There are two lock types:
  • CanNotDelete
    ▪ You can read and modify the resource
    ▪ You can’t delete the resource
  • Read-Only
    ▪ You can read the resource properties/information
    ▪ You can’t delete or modify the resource
    ▪ Important note: a Read-Only lock could have undesired results!
Microsoft Azure Locks
What You Should Know : Inheritance
• When you apply a lock at a parent scope, all resources within that scope
inherit the same lock. Even resources you add later inherit the lock from
the parent. The most restrictive lock in the inheritance takes precedence.
• A Resource Group inherits locks from its Subscription
• A Resource (e.g. an Azure VM) inherits locks from its Subscription and its Resource Group
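The inheritance rule above, worked through as an added example that is not part of the original deck: it derives each lock's scope from the lock's own resource ID and returns the most restrictive lock that a resource inherits. The subscription ID, the hk-web-rg group name, the sub-no-delete lock and the JSON layout (id, name and level fields, as in `az lock list --output json`) are constructed assumptions.

```python
import json

# Constructed sample shaped like `az lock list --output json`.
# The subscription ID and the hk-web-rg group are placeholders, not slide values.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
LOCKS_JSON = json.dumps([
    {"name": "sub-no-delete", "level": "CanNotDelete",
     "id": SUB + "/providers/Microsoft.Authorization/locks/sub-no-delete"},
    {"name": "hk-confident-rg-lock", "level": "ReadOnly",
     "id": SUB + "/resourceGroups/hk-confident-rg"
                 "/providers/Microsoft.Authorization/locks/hk-confident-rg-lock"},
    {"name": "hk-prod-website-lock", "level": "CanNotDelete",
     "id": SUB + "/resourceGroups/hk-web-rg/providers/Microsoft.Web/sites/hk-prod-website"
                 "/providers/Microsoft.Authorization/locks/hk-prod-website-lock"},
])
LOCKS = json.loads(LOCKS_JSON)

# Restrictiveness order: ReadOnly blocks modify and delete, CanNotDelete only delete.
RANK = {"CanNotDelete": 1, "ReadOnly": 2}
MARKER = "/providers/microsoft.authorization/locks/"


def lock_scope(lock_id):
    """Return the (lower-cased) scope a lock is attached to, taken from its ID."""
    pos = lock_id.lower().rfind(MARKER)
    if pos < 0:
        raise ValueError("not a management lock ID: " + lock_id)
    return lock_id[:pos].lower()


def applies_to(scope, resource_id):
    """True when resource_id is the scope itself or sits below it.

    The comparison stops at a path-segment boundary, so a lock on
    hk-confident-rg is not inherited by a group named hk-confident-rg2.
    """
    rid = resource_id.lower().rstrip("/")
    return rid == scope or rid.startswith(scope + "/")


def effective_lock(resource_id, locks):
    """Return (most restrictive level or None, sorted names of inherited locks)."""
    inherited = [l for l in locks if applies_to(lock_scope(l["id"]), resource_id)]
    if not inherited:
        return None, []
    level = max((l["level"] for l in inherited), key=RANK.__getitem__)
    return level, sorted(l["name"] for l in inherited)


if __name__ == "__main__":
    samples = [
        SUB + "/resourceGroups/hk-confident-rg/providers/Microsoft.Compute/virtualMachines/vm01",
        SUB + "/resourceGroups/hk-web-rg/providers/Microsoft.Web/sites/hk-prod-website",
        SUB + "/resourceGroups/hk-confident-rg2/providers/Microsoft.Storage/storageAccounts/sa01",
        "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/other-rg",
    ]
    for rid in samples:
        level, names = effective_lock(rid, LOCKS)
        print(level, names, rid)
```

A resource that comes back with `None` inherits no lock from any parent scope, which is the case an audit of protected resources should flag.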
Microsoft Azure Locks
Hierarchy (ex)
Azure Locks
Required “Rights”
Microsoft Azure Locks
Required “Rights”
• To create or delete management locks, you must have access to one of the following actions:
  • Microsoft.Authorization/*
  • Microsoft.Authorization/Locks/*
Note
Of the built-in roles, only Owner and User Access Administrator are granted those actions.
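The note above can be checked mechanically. The following added example (not from the original deck) evaluates role definitions the way Azure RBAC matches wildcard actions and exclusions, and reports which roles can create and delete locks. The role definitions are trimmed, constructed samples modeled on the built-in roles, and "Lock Operator" is a hypothetical custom role.

```python
import re

# The two operations needed to create and to remove a management lock.
LOCK_OPERATIONS = (
    "Microsoft.Authorization/locks/write",
    "Microsoft.Authorization/locks/delete",
)

# Constructed, trimmed role definitions (actions / notActions only).
ROLES = {
    "Owner": {"actions": ["*"], "notActions": []},
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "notActions": [],
    },
    "Contributor": {
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
    "Reader": {"actions": ["*/read"], "notActions": []},
    # Hypothetical custom role granting only the lock actions named on the slide.
    "Lock Operator (hypothetical custom role)": {
        "actions": ["Microsoft.Authorization/locks/*"],
        "notActions": [],
    },
}


def _matches(pattern, operation):
    """Case-insensitive match where '*' in the pattern stands for any characters."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None


def allows(role, operation):
    """An operation is allowed when an action grants it and no notAction excludes it."""
    granted = any(_matches(p, operation) for p in role.get("actions", []))
    excluded = any(_matches(p, operation) for p in role.get("notActions", []))
    return granted and not excluded


def can_manage_locks(role):
    """True when the role can both create and delete management locks."""
    return all(allows(role, op) for op in LOCK_OPERATIONS)


def lock_managers(roles):
    """Names of the roles that can create and delete locks, sorted."""
    return sorted(name for name, role in roles.items() if can_manage_locks(role))


if __name__ == "__main__":
    for name in ROLES:
        print(name, "->", "can manage locks" if can_manage_locks(ROLES[name]) else "cannot")
```

Contributor is the instructive case: its `*` action grants everything, but the `Microsoft.Authorization/*/Write` and `Microsoft.Authorization/*/Delete` exclusions remove the lock operations again.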
Difference between
Azure Locks & Azure RBAC
Difference between
Azure Locks vs Azure RBAC
• Azure Role-Based Access Control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Azure RBAC helps you manage access for users, groups and service principals.
• Unlike Role-Based Access Control, Azure Locks apply a restriction across all users and roles.
• Useful link
  • Visit the following link to read more about Azure RBAC:
    https://docs.microsoft.com/bs-latn-ba/azure/role-based-access-control/
Azure GUI & CLI Tools you can use
To create and apply Locks
Azure GUI & CLI Tools you can use
To create and apply Azure Locks
• Azure Locks can be created and applied using different GUI and CLI tools:
  • GUI
    ▪ Azure Portal
  • CLI
    ▪ Windows PowerShell (using the AzureRM module)
    ▪ Azure CLI 2.0
HowTo Lock
Your Azure Subscriptions, RG and Resources
Create & Apply your Azure Locks
using Azure Portal
HowTo #1
Lock your Az Subscriptions, RG and Resources via Azure Portal
• Connect to the Azure Portal
  • https://portal.azure.com
• Go to the Subscriptions blade and select the Subscription you want to lock
• Then click on “Resource Locks”
• Click “Add” and add your Azure Lock
• You have to enter the following information:
  ▪ Lock Name
  ▪ Lock Type:
    ▪ Delete
    ▪ Read-only
  ▪ Notes (Lock Description)
Important Note
Lock your Az Subscriptions, RG and Resources via Azure Portal
• If you want to create and apply Locks to a Resource Group or a specific Azure Resource, select the RG or Azure Resource to lock, then click on “Locks”. Finally, click “Add” and enter the following information:
  • Lock Name
  • Lock Type
    ▪ Delete
    ▪ Read-Only
  • Lock Notes (description)
Create & Apply your Azure Locks
using AzureRM Module
Important Note
Lock your Az Subscriptions, RG and Resources via AzureRM Module
• The New-AzureRmResourceLock cmdlet is used to create a new Azure Lock.
• In the following example, a new Lock will be created and applied to the hk-confident-rg resource group
Important Note
Lock your Az Subscriptions, RG and Resources via AzureRM Module
• If you want to create and apply Locks to a specific Azure Resource, you have to add the -ResourceType parameter
• In the following example, a new Azure Lock is created and applied to the “hk-prod-website” resource. This is an Azure WebSite, so the “Microsoft.web/sites” resource type is specified:
# <resource-group-name> is a placeholder for the resource group that contains the site
New-AzureRmResourceLock -LockName "hk-prod-website-lock" `
    -LockLevel CanNotDelete `
    -LockNotes "This Lock prevents accidental deletion of HK-Web-Prod-WebSite resource" `
    -ResourceName "hk-prod-website" -ResourceType "microsoft.web/sites" `
    -ResourceGroupName "<resource-group-name>"
Create & Apply your Azure Locks
using Azure CLI 2.0
HowTo #3
Lock your Az Subscriptions, RG and Resources via Azure CLI
• The az lock create command is used to create a new Azure Lock.
• In the following example, a new Lock will be created and applied to the hk-confident-rg resource group
Do you have any Azure
Project (Design/Architecture/Migration)?
If yes, feel free to contact us
Your Contacts
Hicham KADIRI
Lead Cloud Architect /Azure Advisor & Microsoft MVP
hicham.kadiri@k-nd-k-group.com
+33 (0)6 52 97 72 84
Mohsine CHOUGDALI
Key Account Manager
mohsine.chougdali@k-nd-k-group.com
+33 6 66 26 55 15
Subscribe to my Blog
hichamkadiri.wordpress.com
End of Lesson
Hope this Helps ☺

[Azure Governance] Lesson 2 : Azure Locks

  • 1. Module 2 Azure Locks Azure Free Training Azure Governance Model By Hicham KADIRI January 20, 2018 A K&K Group Company
  • 2. Contoso Ltd. About me Microsoft MVP • Windows Expert-IT Pro (2014-2015) • Cloud and Datacenter Management (2016) • Enterprise Mobility /RDS (2017) • CDCM /Azure (2018) Founder @BecomeITExpert.com Co-Founder @K&K Group Think {Cloud /DevOps /Security} IT Author (+10 eBooks) • RDS 2012 R2 and 2016 Pocket Consultant • RDS & OS Security & Hardening guide • Azure CLI 2.0 Pocket Consultant • GPO, PowerShell, AppLocker … Lead Cloud Architect /Az Expert • Working for several large companies and international groups including Thales, Areva, Rabobank, Gemalto, Vinci, CE, BP…etc IT Blogger • hichamkadiri.wordpress.com • AskTheCloudExpert.wordpress.com • ~2 million views ☺ /hicham_kadiri /in/hichamkadiri TechNet Contributor (Top 0,5%) • MTFC (Microsoft Technical French Contributor) • MCC (Microsoft Community Contributor) Hicham KADIRI (aka #HK)
  • 3. Document Objectives • Reminder about Azure Governance • Explains the importance of Locks in the Microsoft Azure environment • Key items You Should Know • Azure Locks vs Azure RBAC • Required rights for Azure Locks • Azure GUI & CLI Tools you can use to create and Apply Azure Locks • DEMO : HowTo Lock your Azure Subscriptions, RG and Resources
  • 6. Azure Locks: why they are important
  • 7. Microsoft Azure Locks: what they are and why they are important • Azure Locks are an amazing way to protect your subscriptions, resource groups and Azure resources. • They ensure that what we have implemented is not changed, or worse, accidentally deleted. Important Note: Azure Locks do not replace Azure RBAC. See the next slide.
  • 8. Azure Locks Key items You Should Know
  • 9. Microsoft Azure Locks What You Should Know : Lockable Objects • You can Lock : • Subscription • Resource Group • Resource
  • 10. Microsoft Azure Locks What You Should Know : Lock Types • There are two Lock Types : • CanNotDelete ▪ You can “Read & Modify” the Resource ▪ You can’t Delete the Resource • Read-Only ▪ You can Read Resource Properties/Infos ▪ You can’t Delete or Modify Resource ▪ Important Note: ▪ Could have undesired results !
  • 11. Microsoft Azure Locks What You Should Know : Inheritance • When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence. A Resource Group inherits Locks from Subscriptions. A Resource (e.g. Azure VM) inherits Locks from Subscriptions and Resource Groups.
  • 12. Microsoft Azure Locks Hierarchy (example)
  • 14. Microsoft Azure Locks Required “Rights” • To create or delete management locks, you must have access to the following actions : • Microsoft.Authorization/* • Or Microsoft.Authorization/Locks/* Note: Of the built-in roles, only Owner and User Access Administrator are granted those actions.
  • 15. Difference between Azure Locks & Azure RBAC
  • 16. Difference between Azure Locks and Azure RBAC • Azure Role-Based Access Control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Azure RBAC helps you manage access for users, groups and service principals. • Unlike Role-Based Access Control, you use Azure Locks to apply a restriction across all users and roles. • Useful Link • Visit the following link to read more about Azure RBAC : https://docs.microsoft.com/bs-latn-ba/azure/role-based-access-control/
  • 17. Azure GUI & CLI Tools you can use To create and apply Locks
  • 18. Azure GUI & CLI Tools you can use To create and apply Azure Locks • Azure Locks can be created and applied using different GUI & CLI Tools : • GUI : ▪ Azure Portal • CLI ▪ Windows PowerShell (using AzureRM Module) ▪ Azure CLI 2.0
  • 19. HowTo Lock Your Azure Subscriptions, RG and Resources
  • 20. Create & Apply your Azure Locks using Azure Portal
  • 21. HowTo #1 Lock your Az Subscriptions, RG and Resources via Azure Portal • Connect to Azure Portal • https://portal.azure.com • Go to Subscriptions blade and select the Subscription you want to Lock • Then click on “Resource Locks” • Click “Add” and add your Azure Lock • You have to enter the following infos : ▪ Lock Name ▪ Lock Type : ▪ Delete ▪ Read-only ▪ Notes (Lock Description)
  • 22. Important Note Lock your Az Subscriptions, RG and Resources via Azure Portal • If you want to create and apply Locks to Resource Groups or a specific Azure Resource, just select the RG or Azure Resource to lock and then click on “Locks”. Finally click “Add” and enter the following infos : • Lock Name • Lock Type ▪ Delete ▪ Read-Only • Lock Notes (description)
  • 23. Create & Apply your Azure Locks using AzureRM Module
  • 24. Important Note Lock your Az Subscriptions, RG and Resources via AzureRM Module • The New-AzureRmResourceLock cmdlet is used to create a new Azure Lock. • In the following example, a new Lock will be created and applied to hk-confident-rg resource group
  • 25. Important Note Lock your Az Subscriptions, RG and Resources via AzureRM Module • If you want to create and apply Locks to a specific Azure Resource, you have to add the -ResourceType parameter • In the following example, a new Azure Lock will be created and applied to the “hk-prod-website” resource. This is an Azure WebSite, so the “Microsoft.web/sites” resource type is specified : New-AzureRmResourceLock -LockName "hk-prod-website-lock" -LockLevel CanNotDelete -LockNotes "This Lock prevents accidental deletion of HK-Web-Prod-WebSite resource" -ResourceName "hk-prod-website" -ResourceType "microsoft.web/sites"
  • 26. Create & Apply your Azure Locks using Azure CLI 2.0
  • 27. HowTo #3 Lock your Az Subscriptions, RG and Resources via Azure CLI • The az lock create command is used to create a new Azure Lock. • In the following example, a new Lock will be created and applied to hk-confident-rg resource group
  • 28. Do you have any Azure Project (Design/Architecture/Migration)? If yes, feel free to contact us. Your Contacts: Hicham KADIRI, Lead Cloud Architect /Azure Advisor & Microsoft MVP, hicham.kadiri@k-nd-k-group.com, +33 (0)6 52 97 72 84. Mohsine CHOUGDALI, Key Account Manager, mohsine.chougdali@k-nd-k-group.com, +33 6 66 26 55 15. A K&K Group Company
  • 29. /hicham_kadiri /in/hichamkadiri Subscribe to my Blog hichamkadiri.wordpress.com
  • 30. End of Lesson Hope this Helps ☺
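
Slide 27 describes using az lock create on the hk-confident-rg resource group. The script below is an added example, not taken from the original deck: it creates and removes a CanNotDelete lock with Azure CLI 2.0 and lists the resource groups that have no lock yet. The function names, the lock name and the lock notes are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the deck): resource-group locks with Azure CLI 2.0.
# Assumes `az login` has been run and the signed-in account holds
# Microsoft.Authorization/locks/* (Owner or User Access Administrator).

# Create a CanNotDelete lock: $1 = resource group, $2 = lock name, $3 = notes.
lock_rg() {
  az lock create \
    --name "$2" \
    --lock-type CanNotDelete \
    --resource-group "$1" \
    --notes "$3"
}

# Remove a lock again: $1 = resource group, $2 = lock name.
unlock_rg() {
  az lock delete --name "$2" --resource-group "$1"
}

# Print how many locks `az lock list` reports for resource group $1.
count_rg_locks() {
  az lock list --resource-group "$1" --query "length(@)" --output tsv
}

# Print every resource group of the current subscription that has no lock,
# so unprotected groups can be reviewed.
unlocked_rgs() {
  for rg in $(az group list --query "[].name" --output tsv); do
    [ "$(count_rg_locks "$rg")" = "0" ] && echo "$rg"
  done
  return 0
}

# Runs only when the script is called with the argument "apply".
# hk-confident-rg comes from the slide; the lock name and notes are assumed.
if [ "${1:-}" = "apply" ]; then
  lock_rg "hk-confident-rg" "hk-confident-rg-lock" \
    "Prevents accidental deletion of hk-confident-rg"
  echo "Resource groups without any lock:"
  unlocked_rgs
fi
```

Replacing CanNotDelete with ReadOnly in lock_rg gives the read-only lock type from slide 10.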