Governance & Manageability (part 1)

 



Azure Resource Manager

It is the deployment and management service of Azure providing a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. The core concept of an Azure Resource Manager is a resource which is an elementary building block of the services and solutions that you can deploy into Azure. 

Every resource exist in one and only one resource group which is a logical container that can easily simplify managing multiple resources. Resources in the same resource group generally shares the same life cycle, while you will have full fexibility in choosing your own criteria for grouping resources. For example, you can delegate permissions, identify costs, and audit events for all resources within a group in a single step. You can also remove them by deleting the group in which they can reside. 


 

Role-Based Access Control (RBAC)

RBAC gives you the capability to grant appropriate access to the Azure AD users, groups, and services.It is also configured by selecting a role, and then associating the role with a user, group, or service principle amd this combination of role and user/group/service principle is scoped to either the entire subscription, a resource group, or specific resources within a resource group. 

Azure Policy

It is a service in Azure that you can use to create, assign, and manage policies that enforces different rules over your resources, so those resources will stay compliant with your corporate standards as well as service level agreement. The main advantages of Azure Policy are:

  • Enforcement and Compliance- Turn-on built-in policies or build custom ones for all resource types. Real time policy evaluation as well as enforcement, periodic and on-demand compliance evaluation. 
  • Apply policies at scale- apply policies to a Management Group with control across your entire organization. Apply multiple policies and aggregate policy state  with policy initiative. 
  • Remediation- Real time remediation, and remediation on existing resources. 

Management Groups

Azure management groups offers a level of scope above subscriptions and you can easily organize them into the containers called "management groups" as well as apply your governance conditions to the management groups. Management group enables:
  • Organizational alignment fro your Azure subscriptions through custom hierarchies and grouping.
  • Targeting of policies and spend budgets across subscriptions as well as inheritance down the hierarchies. 
  • Compliance and cross reporting   

All the subscriptions within a management group can automatically inherit the conditions applied to the management group. 





Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Deployment (Part 2)