Describe identity, governance, privacy, and compliance features Flashcards

1
Q

Role-Based Access Control (RBAC)

A

Access management for cloud resources is a critical function for any organization that is using the cloud. Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.

Here are some examples of what you can do with Azure RBAC:

Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
Allow a DBA group to manage SQL databases in a subscription
Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
Allow an application to access all resources in a resource group

2
Q

Azure resource locks

A

Resource Manager locks give administrators a way to lock down Azure resources to prevent a resource from being deleted or changed. These locks sit outside the role-based access control (RBAC) hierarchy and, when applied, place the restriction on the resource for all users.

3
Q

Azure Tags

A

You apply tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name Environment and the value Production to all the resources in production.

4
Q

Azure Policy

A

Azure Policy helps to enforce organizational standards and to assess compliance at scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to per-resource, per-policy granularity. It also helps to bring your resources into compliance through bulk remediation for existing resources and automatic remediation for new resources.

Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started.

All Azure Policy data and objects are encrypted at rest.

5
Q

Azure Blueprints

A

Just as a blueprint allows an engineer or an architect to sketch a project’s design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments, trusting that they’re building within organizational compliance, with a set of built-in components, such as networking, to speed up development and delivery.

Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

Role Assignments
Policy Assignments
Azure Resource Manager templates (ARM templates)
Resource Groups

The Azure Blueprints service is backed by the globally distributed Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions. This replication provides low latency, high availability, and consistent access to your blueprint objects, regardless of which region Azure Blueprints deploys your resources to.

How it’s different from ARM templates
The service is designed to help with environment setup. This setup often consists of a set of resource groups, policies, role assignments, and ARM template deployments. A blueprint is a package to bring each of these artifact types together and allow you to compose and version that package, including through a continuous integration and continuous delivery (CI/CD) pipeline. Ultimately, each is assigned to a subscription in a single operation that can be audited and tracked.

Nearly everything that you want to include for deployment in Azure Blueprints can be accomplished with an ARM template. However, an ARM template is a document that doesn’t exist natively in Azure - each is stored either locally or in source control or in Templates (preview). The template gets used for deployments of one or more Azure resources, but once those resources deploy there’s no active connection or relationship to the template.

With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Azure Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.

There’s no need to choose between an ARM template and a blueprint. Each blueprint can consist of zero or more ARM template artifacts. This support means that previous efforts to develop and maintain a library of ARM templates are reusable in Azure Blueprints.

6
Q

Cloud Adoption Framework for Azure

A

The Microsoft Cloud Adoption Framework for Azure is guidance that’s designed to help you create and implement business and technology strategies for the cloud. It provides best practices, documentation, and tools. Cloud architects, IT professionals, and business decision makers use this information to achieve their cloud adoption goals.

By using the Cloud Adoption Framework for Azure best practices, organizations can better align their business and technical strategies to ensure success.

7
Q

Microsoft core tenets of Security, Privacy, and Compliance

A

The Azure approach to trust is based on the following foundational principles: security, privacy, compliance, resiliency, and intellectual property (IP) protection. The Security Development Lifecycle (SDL) introduces and emphasizes security and privacy early and throughout all phases of the development process.

9
Q

Describe the purpose of the Microsoft Privacy Statement

A

This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.

10
Q

Online Services Terms (OST) and Data Protection Amendment (DPA)

A

The parties agree that these Online Services Terms govern Customer’s use of the Online Services and that the DPA (defined below) sets forth their obligations with respect to the processing and security of Customer Data and Personal Data by the Online Services.

11
Q

Azure Trust Center

A

The Trust Center is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community. The Trust Center provides in-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.

12
Q

Azure compliance documentation

A

If your organization needs to comply with legal or regulatory standards, start here to learn about compliance in Azure.

13
Q

Azure Sovereign Regions (Azure Government cloud services and Azure China cloud services)

A

Microsoft hosts special regions called government clouds or sovereign clouds for exclusive use by particular governmental bodies around the world. Azure Government regions are inaccessible (invisible) to nongovernment employees.
