Governance & Manageability (part 1)

By Ashwin Venugopal -

 



Azure Resource Manager

It is the deployment and management service of Azure providing a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. The core concept of an Azure Resource Manager is a resource which is an elementary building block of the services and solutions that you can deploy into Azure. 

Every resource exist in one and only one resource group which is a logical container that can easily simplify managing multiple resources. Resources in the same resource group generally shares the same life cycle, while you will have full fexibility in choosing your own criteria for grouping resources. For example, you can delegate permissions, identify costs, and audit events for all resources within a group in a single step. You can also remove them by deleting the group in which they can reside. 


 

Role-Based Access Control (RBAC)

RBAC gives you the capability to grant appropriate access to the Azure AD users, groups, and services.It is also configured by selecting a role, and then associating the role with a user, group, or service principle amd this combination of role and user/group/service principle is scoped to either the entire subscription, a resource group, or specific resources within a resource group. 

Azure Policy

It is a service in Azure that you can use to create, assign, and manage policies that enforces different rules over your resources, so those resources will stay compliant with your corporate standards as well as service level agreement. The main advantages of Azure Policy are:

  • Enforcement and Compliance- Turn-on built-in policies or build custom ones for all resource types. Real time policy evaluation as well as enforcement, periodic and on-demand compliance evaluation. 
  • Apply policies at scale- apply policies to a Management Group with control across your entire organization. Apply multiple policies and aggregate policy state  with policy initiative. 
  • Remediation- Real time remediation, and remediation on existing resources. 

Management Groups

Azure management groups offers a level of scope above subscriptions and you can easily organize them into the containers called "management groups" as well as apply your governance conditions to the management groups. Management group enables:
  • Organizational alignment fro your Azure subscriptions through custom hierarchies and grouping.
  • Targeting of policies and spend budgets across subscriptions as well as inheritance down the hierarchies. 
  • Compliance and cross reporting   

All the subscriptions within a management group can automatically inherit the conditions applied to the management group. 





Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Deployment (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 3, please click  here Microsoft Sentinel Content Hub Content in Microsoft Sentinel includes any of the following types: Data connectors offer log ingestion from different sources into Microsoft Sentinel. Parsers give log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios. Workbooks provide monitoring, visualization, and interactively with data in Microsoft Sentinel, highlighting meaningful insights for users.  Analytics rules give alerts that point to relevant SOC actions via incidents.  Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel. Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks. Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.  Playbooks and Azure Logic Apps Custom Connectors provide featu...
Read more