Use Azure Policy to manage and enforce your standards for governance and compliance and to assess that compliance at scale. When you implement Azure Policy, you are effectively adding guardrails for your users. You also gain a way to audit your organization's compliance against a particular policy.
In this walkthrough, you will learn the implications of using a Policy in Azure. You will use Azure CLI to create a storage account that is not compliant because it allows its contents to be accessed using HTTP. Then you will add a Policy that requires HTTPS and see how you can audit an existing, non-compliant resource. You will audit the resource using the portal and using a PowerShell script. Then you will create another non-compliant resource and see how Azure blocks the resource during creation.
Continue reading “Walkthrough using Azure Policy to audit and enforce compliance”
Once you have set up your first subscription, you can set up your Management Group.
In Azure, management groups are a way to group your subscriptions. When you apply policies and governance to a management group, all of the subscriptions within that management group automatically inherit the conditions applied. Enterprises want management groups as a way to scale their operations no matter how many subscriptions they have.
For example, you may want to restrict the regions available for your resources to those within a particular region. A policy that reflects that can be applied to a management group and will automatically be applied to all management groups, all subscriptions, and all resources under that management group.
Continue reading “Setting up Management Group for production in enterprise”
Security Center provides out-of-the-box policies and a dashboard to identify possible security issues with your subscription.
To start with, Security Center has a good set of policies that will help you do basic audits and provide security alerts.
Use Security Center to meet your cloud requirements
In this article, you will be able to meet the following requirements:
- Set up ways for your security team, developers, and operations to quickly audit subscriptions.
- Mitigate security issues.
Continue reading “Setting up Security Center for production in enterprise”
Once you have set up your Azure administrators, you can begin to consider how to organize your cloud into management groups, subscriptions, and resource groups. You will want to develop a naming standard and a way to tag resources.
Although you may be focused initially on just getting your resources deployed, you will want to be able to manage them. For example, a year from now you may want to know who is responsible for the virtual machine that is no longer doing anything, but is costing money. In other words, you may want lifecycle management.
You may want the ability to charge a set of resources to a cost center and to budget those resources. For example, you may want to receive alerts for both the users and for your administrators when costs are out of line with expectations.
And as we all know, it is easier to organize as you go. In this article, you will learn about some key points in organizing your Azure resources.
Continue reading “Organize Azure resources using management group, tags, naming convention”
Azure provides the Azure Cloud Shell, which includes almost every tool you will need already installed. But that requires you to be logged into the portal, and it times out after a short time. Instead, you can administer Azure from your desktop.
There are tools you will normally want on your local computer to administer Azure:
- Azure PowerShell
- Azure CLI and some additional tools (such as jq and Kubernetes)
- Visual Studio Code and extensions
All are cross-platform tools. In this article, you will learn how to install the tools from the command line. You will also learn about Azure providers and how to add them to your subscription.
Continue reading “Checklist of Azure tools for enterprise admin: PowerShell, AzCopy, Azure CLI, Docker, Git, Azure Providers”