Buffl

Chapter 11 Monitoring

as
von abdullah S.

Role-Based Access Control (RBAC)

The next part of Azure Policy is a fundamental part of how you use Azure. Role-based access control, often called RBAC, is a critical component in governance of users and their access to Azure resources. Role-based access control lets you define which users have access to specific Azure resources, what they can do with those resources, and what areas they have access to. One of the best practices for any computer infrastructure is to give users the minimum access they need. If a user doesn't have to access a database, well, then don't even give them access to it. It keeps users out of trouble, and RBAC can enable this. That means you can target specific use cases for assigning access. For example, allow an application access to only the resources it needs or allow a user access to all resources in a specific resource group. RBAC works through assigning roles to users, and a role assignment has three elements. A security principal, which is an object that represents what type of entity can get access to the Azure resource. This could be a user or group of users, for example. A role definition is a collection of permissions. A role definition lists the operations that can be performed, such as read, write, and delete. Scope is the set of resources that the access applies to. This is useful if, for example, you want a specific role assignment to have only access to a specific resource group. Role assignment is the process of combining those three properties to grant access to Azure resources. For example, let's say you have three virtual machines called admin, billing, and general. If you want to create role-based access to these resources, you could do it like this. An admin role. This has access to all three VMs with all permissions. An accountant role, which can access the billing and general VMs. It has read/write access to the billing VM and read access to the general VM. And, finally, a standard user role, and this has only read access to the general VM. The advantage is that you can now assign each role to any number of users. If there's a change to any of the roles, you only have to perform the change to the role, and all the users that have that role assigned will automatically get the updated role permissions.

Azure Blueprints

Blueprints are templates for creating Azure resources


The last part of the lecture on governance is looking at how you can make sure your Azure resources are both consistently created, deployed, and updated as well as secure. Now, remember, governance is here to keep you out of trouble. Now, the first tool in the second half of the lecture is Azure Blueprints. As you may have guessed from the name, blueprints are templates for creating Azure resources. It is a blueprint for everything you need to deploy for a standard cloud environment on Azure. Think of it this way. If you had to create a brand new Azure environment for a new product, and you had to meet certain governance rules and regulations, how would you do that manually? Most likely, you wouldn't, as it would drive you to insanity. Instead, Azure Blueprints pack everything you need, including templates for which resources to create user permissions using RBAC and any necessary policies. All in one easy pill - I mean, package. There are even built-in samples for the most common scenarios, including samples for scenarios with specific government regulations and guidelines. Similar to blueprints, but aimed at the organization that is considering moving to the cloud, is the Cloud Adoption Framework. This is a collection of documents that takes you through every step of the journey towards the cloud. You get guidance on how to define strategies for adoption, planning the move, what it means to be ready for the cloud, reasons for adopting the cloud, improving your governance and establishing practices around it, and managing a living, breathing cloud architecture. Well, the lot. Governance in particular is important to make a smooth transition to the cloud

Azure Privacy

Privacy is an extension of compliance and just like any other online business, you need to take privacy seriously, which is why Azure takes it very seriously. In Azure, privacy is such a core part of the platform that there isn't a single service or place for it. Instead, the built-in privacy controls include tools and services that are also covered in this course in other chapters."


"Azure Information Protection is used to classify, label, and help protect data based on its sensitivity. Azure Policy, which we covered earlier in this chapter, is used to define and enforce rules to ensure privacy and external regulations. When dealing with GDPR privacy requests (that is, requests from European users of your data), use the guides on Azure to comply with these requests."


"Use the compliance manager to make sure you're following the guidelines around privacy, such as GDPR and ISO standards. All these tools are available to help simplify your privacy compliance. And, of course, Microsoft also has their own privacy statement. And because you chose to do this exam, you have to know about it. And that means I have to teach you as well. So thanks."


"Yeah. As with every other privacy statement on the internet, Microsoft explained how they're going to collect and treat your private data. Actually, it's so boring that I won't cover it here, but I've added the link in the resources for this lecture. So, enjoy. Enough about privacy. It exists. It's important. Make sure you know about it. Next up, you'll have to trust me.

Author

abdullah S.

Informationen

Zuletzt geändert