![]() ![]() If you select one of these initiatives, you can view the policies that are assigned. ![]() The screen shot below shows some of the built-in policies for financial governance. Assigning these policies, especially as they pertain to VMs, assist in controlling costs associated with deploying compute resources that are beyond what is necessary. There are policies that can be put in place for controlling costs and performance compliance by assigning specific SKUs that are allowed within storage accounts, virtual machines (VMs), and VPN gateways. Most of the financial and cost governance can be monitored and managed through the cost and billing services and Azure Advisor, with spending limits and controls being put in place for the subscription and resources. We will begin our policy discussion with financial governance. Governing your Azure environment for financial, business, and security will be discussed further in the following sections. Determining the policies to put in place should be based a business, security, and financial discussion. We will discuss this later in this article. Policies should be assigned at the beginning of building your environment in Azure but they can also be retroactively created, and existing resources can be audited against these policies. A list of these policies can be found here. Policies can be assigned using the built-in policies within Azure, of which there are hundreds, or custom policies can be created that may be necessary for your specific organizational needs. Azure policies are created, assigned, and utilized to govern the resources within your Azure subscription. Role-based access control (RBAC) and the principles of least privilege provide levels of restriction to users and groups within the environment as to what resources they can access or create, but they do not set parameters on where they can be created, the level of cost, or the security requirements. In this article, we will discuss how to govern the Azure environment with Policies.Ĭhallenges arise within a cloud environment when resources can be created that may affect, cost, security, or regulatory jurisdictions. In the first post of a series of three articles on Azure Security, we focused on the services that make up the foundation of an organization’s security program. These services provide the ability to monitor resources, create and set policies, and identify and mitigate threats within not only the Azure infrastructure, but also to external resources for a consistent security posture across an organization. Microsoft Azure has a wide range of services built into their cloud ecosystem. ![]()
0 Comments
Leave a Reply. |