Governance and compliance tools

Understanding Microsoft Azure Management and Governance

Maarten Van den Broeck

Senior Content Developer at DataCamp

Governance and compliance tools overview

Tool | Use
Azure Policy | Enforce standards and best practices by defining and applying rules and policies to resources
Azure Blueprints | Standardize deployments, replicate configurations from existing environments

Azure Policy

Used to set rules and standards for resources

  • Enforces compliance to applicable standards and regulations
  • Can be set at any level and automatically be inherited by sublevels (e.g., resources take the policy of the resource group)
  • Automatic remediation: e.g., applying missing tags

Azure Policy: Initiatives

Azure Policies can be grouped into Initiatives:

  • Groups of related policies for a larger goal
  • User-defined or built-in for common scenarios or regulations
  • Example: HIPAA/HITRUST built-in initiative
    • MFA (multi-factor authentication) should be enabled
    • There should be more than one owner assigned to a subscription
    • Automatic check for missing members in the Administrators group

Azure Blueprints

Standardize new cloud subscriptions or deployments

  • Link between blueprint (what should be deployed) and resources (what was deployed)
  • Versioning: keep track of updates or revert to a previous working version

Azure Blueprints: Artifacts

Each component of a blueprint is called an Artifact

  • Contain parameters that can be specified
  • Configuration either in blueprint or at deployment
  • Examples:
    • Role assignments
    • Policy assignments
    • Resource group configuration
    • Predefined resource templates

Example use case: network security policy

You are responsible for implementing best practices for network security, such as disabling public Internet access based on specific rules

  • With Azure Policy: implement a set of rules that blocks or restricts public Internet access
  • With Azure Blueprints: assign the above policy as an Artifact to automatically include it in new deployments
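
As an added example (not part of the original course material), this is what a custom Azure Policy definition for the use case above can look like. It assumes the rule is narrowed to storage accounts; the display name, description and category are constructed for illustration.

```json
{
  "properties": {
    "displayName": "Example: storage accounts must disable public network access",
    "description": "Constructed example. Audits or denies any storage account whose publicNetworkAccess property is not set to Disabled.",
    "policyType": "Custom",
    "mode": "Indexed",
    "metadata": {
      "category": "Network security (example)"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliant resources; Deny blocks the create or update request."
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "field": "Microsoft.Storage/storageAccounts/publicNetworkAccess",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Starting with the Audit effect shows which existing storage accounts would be non-compliant before the assignment is switched to Deny. Assigning the definition at a subscription or resource group scope applies it to everything beneath that scope.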

Let's practice!
