1. Day 8 – Governance and Compliance
Johan Myburgh
10Tuesdays
To Azure Fundamentals
https://aka.ms/AZ900LM
https://aka.ms/AZ900EP08LM
2. Johan Myburgh
Azure Technical Trainer (ATT) @ Microsoft UK
Cloud Solution Architect
Passionate about people and sharing knowledge
jomyburg@microsoft.com
@sayedimac
aka.ms/johan
4. Why Governance
• Ensures environment runs the way it is
indented to run
• Rules for operating environment
• Build into your process
• Sprawl
• Consistency
• Size, SKU, Region, etc.
• Cost
• Security
• Loose canons
Without it…
5. Azure Policies
Granular rules you can apply to structure
Evaluate/Report or stop deployments
JSON definitions
Group together as Initiatives
6. 50% off Exam Vouchers
To qualify:
Scan the QR code and fill out the
form
Add 17969 as the event ID
You must attend 5 out of the 7
remaining sessions to be eligible
for the voucher
Please note this offer is only
valid until 31st March 2023
7. Role Based Access Control (RBAC)
Role Based Access Control
Who?
Security principal
User Group Service principal
Role assignment
Contributor
"Actions": [
"*"
],
"NotActions": [
"Auth/*/Delete",
"Auth/*/Write",
"Auth/elevate"
]
Marketing group
Pharma-sales
Resource group
What?
Role definition
Owner
Contributor
Reader
…
Backup Operator
Security Reader
Contributor
Reader Support Tickets
Virtual Machine Operator
Where?
Scope
Management group
Subscription
Resource group
Resource
8. Blueprints
Design templates of:
Resources
Policies
Roles (RBAC)
Resource Groups / Structure
Achieve Compliance
• Blueprints are versioned (small changes)
• Maintains relationship between design
(Blueprint) and resources
• Track and Audit deployments
9. Resource Locks
Locks down structure / resources when
complete
Ensure no simple mistakes slip in
Should be part of your process
• 2 Types
• Delete Lock
• Read-only Lock (includes delete)
10. Summary • Bigger your Azure footprint, the more important
this becomes
• Policies – Rules
• RBAC – Permissions
• Blueprints – includes all and resources
• Locks
• Read-only / Delete