This blog post is the fourteenth blog Microsoft Azure Fundamentals Certification Series(AZ-900) of Topic 3: Security Services.
If you have not gone through the previous Topic 3.3 Microsoft Azure Security Services read it at https://k21academy.com/az90024.
For the full list of blogs in this series, refer to https://k21academy.com/az90011.
In this blog post, we’ll cover Topic 3.4 Microsoft Azure Governance which includes Azure Blueprints & Azure Policy.
Microsoft Azure provides governance features and services
- Azure Blueprints
- Azure Policy
- Azure Blueprints like architectural blueprints, define Azure resources that implement an organization’s standards, patterns, and requirements.
- By leveraging Azure Blueprints, engineers can quickly build and deploy new environments.
- Azure Blueprints provides a mechanism that allows you to create and update artifacts (like policies, RBAC, resource group, ARM templates) and assign them to environments and version them.
RBAC is Azure’s role-based access control, a system that provides access management of Azure resources. Using Azure RBAC, one can segregate duties within the team and grant only the amount of access to users that they need to perform their role.
- Azure Policy is a service that you use to create, assign, and manage policies.
- These policies enforce rules on resources so those resources stay compliant with your corporate standards and service-level agreements.
- Policies enforce tagging for resources and resource groups and restrict regions for deployed resources.
Here are a few sample questions from the Microsoft Azure Fundamentals Certification Exam[AZ-900] that you should be able to solve after reading this blog.
Q 1: You have a resource group named RG1. You plan to create virtual networks and app services in RG1. You need to prevent the creation of virtual machines only in RG1. What should you use?
A. a lock
B. an Azure role
C. a tag
D. an Azure policy
Correct Answer: A
Q 2. Your company has an Azure environment that contains resources in several regions. A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement. What should you create?
A. a read-only lock
B. an Azure policy
C. a management group
D. a reservation
Correct Answer: B
- [AZ-900] Microsoft Azure Certification Fundamental Exam: Everything You Must Know
- Learn how to create a Free Microsoft Azure Trial Account
- [AZ-900] Microsoft Azure Fundamentals: Topic 1.1 Overview & Benefits
- Topic 2.1 Azure Architecture: Region, Availability Zone & Geography
- How to Register For [AZ-900] Microsoft Azure Fundamentals Certification Exam
- Topic 3.1 Microsoft Azure Secure Network Connectivity: Firewall, DDOS, & NSG
- Topic 3.2 Microsoft Azure Core Identity Services: AD & MFA
- Topic 3.3 Microsoft Azure Security Services: Security Center, Key Vault, AIP & ATP
Begin your journey towards Azure, Getting [AZ-900] Microsoft Azure Fundamentals certified, and earning a lot more in 2020 by joining our FREE Masterclass.