Microsoft Azure Security Technologies (AZ-500): Enterprise Governance
Shared Responsibility in the Cloud [1]
Azure Policy [2]
This allows administrator to specify certain policy for certain user/group to ensure that Azure resources are properly restricted or managed.
How to define Azure Policy? Search “Policy” → Select “Definitions”.
For example, you can configure a policy to only allow users from certain countries to create a resource group.
Or to force all VMs in a subscription to use SSH private/public key instead of username/password for authentication.
Azure Role Based Access Control (RBAC) [3]
RBAC can be applied on subscription level, resource group level or resource level.
Do take note that RBAC access is inherited. If Tom is being given owner rights at Subscription level, he will have owner rights at resource group level and resource level as well.
Azure Resource Locks [4]
Go to the specific resource → Select “Lock”.
Administrator can apply two types of locks to Azure resources:
- Read-Only
- Delete
All critical resources should be applied with a lock.
References
[1] Shared responsibility in the cloud — Microsoft Azure | Microsoft Docs
[2] Overview of Azure Policy — Azure Policy | Microsoft Docs
[3] What is Azure role-based access control (Azure RBAC)? | Microsoft Docs
[4] Lock resources to prevent changes — Azure Resource Manager | Microsoft Docs
