Coach Beard Jr. Boring Notes
  • CONTRIBUTING
  • Multi Threading
  • Processes
  • README
  • Security Policy
  • Stack vs Heap Memory Allocation
  • What is it?
  • Mind Map
  • Azure
    • Table of contents
  • Azure
    • Resources
  • BATCH-Scripting
    • Gettng-Started
  • Cloudflare
    • Digital Certificates - What are Those
  • Cloudflare
    • Introduction to HTTPS and TLS
  • Cloudflare
    • Resources
  • DENO LAND
    • DENO - CLI
  • DENO LAND
    • Deno_index.docx
  • DENO LAND
    • Examples
  • DENO LAND
    • Starting Examples
  • DENO LAND
    • Working with Deno
  • DENO LAND
    • http_server.ts
  • Docker Notes
    • Commands
  • Docker Notes
    • Communication
  • Docker Notes
    • Containers
  • Docker Notes
    • Data in Docker
  • Docker Notes
    • Docker Compose
  • Docker Notes
    • Dockerfile
  • Docker Notes
    • Images and containers
  • Docker Notes
    • Practice Images
  • What and Why
  • Docker Notes
    • Table of contents
  • Docker Notes
    • Virtual Machines
  • Docker Notes
    • Volumes
  • Docker Notes
    • dockerignore
  • Garbage Collection
    • Introduction
  • Git and Github
    • GIT
  • Git and Github
    • Github
  • HackingHub.io
    • Mindmap
  • HackingHub.io
    • Start Here
  • JENKINS
    • JENKINS (Getting Started)
  • Java - A Headache
    • A Headache
  • Java - A Headache
    • Checked Exceptions
  • Java - A Headache
    • Concurrency In Java
  • Java - A Headache
    • ENUM
  • Java - A Headache
    • ThreadExceptions
  • Java - A Headache
    • Exception Handling
  • Java - A Headache
    • Java Memory Management
  • Java - A Headache
    • Lambda Expressions
  • Java - A Headache
    • LifeCycle and States of a Thread in Java
  • Java - A Headache
    • Memory Allocation by JVM
  • Java - A Headache
    • Multi-Threading in JAVA
  • Java - A Headache
    • Transient
  • JavaScript
    • Arrays
  • JavaScript
    • Behind the Scenes of JavaScript
  • JavaScript
    • Falsy-Truthy Values
  • JavaScript
    • Garbage Collection
  • JavaScript
    • Getters_Setters
  • JavaScript
    • Hoisting
  • JavaScript
    • How Code is Parsed and Compiled
  • JavaScript
    • Index.docs
  • JavaScript
    • Inside JS Engine
  • JavaScript
    • MindMap
  • JavaScript
    • Objects
  • JavaScript
    • this in javascript
  • Kubernetes
    • Kubernetes Architecture Overview
  • Linux & Unix
    • GRUB - Grand Unified Bootloader
  • Linux & Unix
    • Resources
  • Miscellaneous
    • CDN Architecture
  • Miscellaneous
    • JavaScript exec returns Undefined
  • NodeJS
    • Index.docs
  • Obsidian - Help
    • Resources
  • Pentester Notes
    • IP Address
  • Pentester Notes
    • LAN - Local Area Network
  • Pentester Notes
    • MAC Address
  • Pentester Notes
    • MindMap
  • Pentester Notes
    • Networking
  • Pentester Notes
    • Offensive Security
  • Pentester Notes
    • Ping
  • Pentester Notes
    • Subnetting
  • Spring-Security
    • Servlets & Filters
  • Spring-Security
    • default-configuration
  • TypeScript
    • Index.docs
  • TypeScript
    • TypeScript
  • Webpack
    • Concepts
  • .github
    • ISSUE_TEMPLATE
      • feature_request
  • Automation
    • Cucumber-Framework
      • Getting Started
  • Automation
    • Playwright
      • Introduction
  • Azure
    • AZ-104
      • Control Azure services with the CLI
  • Azure
    • AZ-104
      • Deploy Azure infrastructure by using JSON ARM templates
  • Azure
    • AZ-204
  • Azure
    • AZ-204
      • mindMap
  • Azure
    • Azure Policy
      • Azure-policies
  • Azure
    • Azure Policy
  • Azure
    • Azure-Fundamentals
  • Azure
    • Azure-Fundamentals
      • mindmap
  • Cloudflare
    • Docs
      • Cloudflare IPs
  • Cloudflare
    • Docs
      • Getting Started
  • Cloudflare
    • Docs
      • MindMap
  • DENO LAND
    • Basics
      • Basics
  • DENO LAND
    • Basics
      • Connecting to Database
  • DENO LAND
    • Basics
      • Environment Variables
  • DENO LAND
    • Basics
      • Imports
  • DENO LAND
    • Basics
      • Modules
  • DENO LAND
    • Basics
      • Permissions
  • DENO LAND
    • Basics
      • Standard Library
  • DENO LAND
    • Basics
      • Testing
  • Eager
    • Primes
      • Finding prime number - formula
  • Git and Github
    • Github-Actions
      • Auto Publish(Release) - GitHub Actions
  • Git and Github
    • Github-Actions
      • Continuous Integration (CI) - GitHub Actions
  • Git and Github
    • Github-Actions
      • Github-Actions Introduction
  • Java - A Headache
    • Garbage Collection
      • Garbage Collection
  • Java - A Headache
    • Garbage Collection
      • Types of Garbage Collection
  • Java - A Headache
    • Spring - Framework
      • annotation
  • Java - A Headache
    • Threads
      • Threads in JAVA
  • JavaScript
    • Basics
      • DataTypes_Variables
  • JavaScript
    • Basics
      • Null-Undefined-NaN
  • JavaScript
    • DOM
      • Fundamental data types
  • JavaScript
    • DOM
      • Learn to search Methods and attributes
  • JavaScript
    • DOM
      • What is DOM
  • JavaScript
    • DOM
      • Working With DOM
  • JavaScript
    • Functions
      • Functions in JavaScript
  • JavaScript
    • OOP
      • OOP in JS
  • Pentester Notes
    • DNS
      • DNS Records
  • Pentester Notes
    • DNS
      • Securing DNS
  • Pentester Notes
    • DNS
      • What is 1.1.1.1
  • Pentester Notes
    • DNS
      • What is DNS
  • Pentester Notes
    • OSI Model
      • Intro
  • Pentester Notes
    • Protocols
      • ARP Protocol
  • Pentester Notes
    • Protocols
      • DHCP Protocol
  • Azure
    • AZ-104
      • Azure-Administrators
        • automate-azure-tasks-using-scripts
  • Azure
    • AZ-104
      • Azure-Administrators
        • azure-resource-manager
  • Azure
    • AZ-104
      • Azure-Administrators
        • configure-azure-resources
  • Azure
    • AZ-104
      • Azure-Administrators
        • configure-resources-with-arm
  • Azure
    • AZ-104
      • Azure-Administrators
        • control-azure-services-cli
  • Azure
    • AZ-104
      • Azure-Administrators
        • deploy-azure-infra-using-arm-templates
  • Azure
    • AZ-104
      • Azure-Administrators
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Azure DNS
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Azure Virtual Network Peering
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Network Security Groups
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Network routing and endpoints
  • Azure
    • AZ-104
      • Configure and Manage VNet for Azure
        • Configure Virtual Networks
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • Configure Azure Container Instances
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • Configure Virtual Machines
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • Manage VM with Azure CLI
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • configure-azure-app-service-plans
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • configure-azure-app-service
  • Azure
    • AZ-104
      • Deploy and Manage Azure compute resources
        • configure-vm-availability
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Blob Storage
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Files and Azure File Sync
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Storage Security
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Azure Storage with tools
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Configure Storage Accounts
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Control Access to Azure Storage with SAS
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Create Azure Storage Account
  • Azure
    • AZ-104
      • Implement and Manage Storage in Azure
        • Upload, download, manage data with Azure Storage Explorer
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Allow users to reset their password with Entra SSPR
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure Azure Policy
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure Microsoft Entra ID
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure RBAC
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure Subscriptions
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Configure user and group accounts
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Create Azure Users and Groups in Entra ID
  • Azure
    • AZ-104
      • Manage identities and governance in Azure
        • Secure Azure resources with Azure RBAC
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Azure Alerts
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Azure Monitor
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Log Analytics
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Network Watcher
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure Virtual Machine Backups
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Configure file and folder backups
  • Azure
    • AZ-104
      • Monitor and back up Azure resources
        • Improve incident response with alerting on Azure
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • AppService-DeploymentSlots
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • Azure-App-Services
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • Configure-web-app-settings
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
        • Scale-apps-Azure-AppService
  • Azure
    • AZ-204
      • Azure-AppService-WebApps
  • Azure
    • AZ-204
      • Azure-Cosmos-DB
        • cosmosDB-part1
  • Azure
    • AZ-204
      • Azure-Cosmos-DB
        • cosmosDB-part2
  • Azure
    • AZ-204
      • Azure-Cosmos-DB
  • Azure
    • AZ-204
      • Azure-Functions
        • Azure-Functions-2
  • Azure
    • AZ-204
      • Azure-Functions
        • Azure-Functions
  • Azure
    • AZ-204
      • Azure-Functions
  • Azure
    • AZ-204
      • Containerized-Solutions
        • implement-azure-container-apps
  • Azure
    • AZ-204
      • Containerized-Solutions
        • manage-container-images-in-container-registry
  • Azure
    • AZ-204
      • Containerized-Solutions
  • Azure
    • AZ-204
      • Containerized-Solutions
        • run-container-images-container-instances
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • Azure-Blob-Storage-demo
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • Azure-Blob-Storage-intro
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • Azure-Blob-Storage-lifecycle
  • Azure
    • AZ-204
      • Sols-using-blob-Storage
        • mindmap
  • Azure
    • AZ-204
      • course-notes-udemy
        • Azure App Service
  • Azure
    • AZ-204
      • course-notes-udemy
        • Containers Service
  • Azure
    • AZ-204
      • course-notes-udemy
        • Create VM via Powershell
  • Azure
    • AZ-204
      • Course Notes - Udemy
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • Azure Infrastructure
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • Azure-identity-access-security
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • Azure-storage-services
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • compute-and-network-services
  • Azure
    • Azure-Fundamentals
      • Architecture-Services
        • mindMap
  • Azure
    • Azure-Fundamentals
      • Cloud-Concepts
  • Azure
    • Azure-Fundamentals
      • Cloud-Concepts
        • cloud-concepts
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • Cost-management-Azure
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • Monitor-tools-in-auzre
  • Azure
    • Azure-Fundamentals
      • Management-Governance
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • azure-for-governance-and-compliance
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • features-tools-for-managing-and-deploying-resources
  • Azure
    • Azure-Fundamentals
      • Management-Governance
        • mindmap
Powered by GitBook
On this page
Edit on GitHub
  1. Azure
  2. AZ-104
  3. Manage identities and governance in Azure

Configure Azure Policy

  • create management groups to target policies and spending budgets

  • implement azure policy with policy and initiative definitions

  • scope azure policies and determine compliance

Azure policy is a service in azure that enables you to create, assign and manage policies to control or audit your resources. these policies enforce different rules over resource configurations so the configurations stay compliant with corporate standards.

Azure management groups provide a level of scope and control above your subscriptions.

Things to know about management groups

  • by default, all new subscriptions are placed under the top-level management group or root group

  • all subscriptions within a management group automatically inherit the conditions applied to that management group

  • management group tree can support up to six levels of depth

  • azure role based access control authorization for management group operations isnt enabled by default

the main advantage of azure policy are in the areas of enforcement and compliance, scaling, and remediation.

There are four basic steps to create and work with policy definitions in azure policy:

  1. Create policy definitions

  2. Create initiative definition

    1. it is a set of policy definitions that help you track your resource compliance state to meet a larger goal.

    2. you can use an initiative definition to ensure resources are compliant with security regulations

  3. Scope the initiative definition

    1. azure policy lets you control how your initiative definitions are applied to resources in your organization

  4. Determine compliance

    1. after you assign a initiative definition you can evaluate the state of compliance for all your resources. Individual resources, resource groups, and subscriptions within a scope can be exempted form having the policy rules affect it.

    2. Exclusions are handled individually for each assignment.

Built-in initiative definitions

  • audit machines with insecure password security settings

  • configure windows machines to run azure monitor agent and associate them to a data collection rule

  • configure azure defender to be enabled on SQL servers.

Management groups facilitate the hierarchical ordering of Azure resources into collections, at a level of scope above subscriptions. Distinct governance conditions can be applied to each management group, with Azure Policy and Azure role-based access controls, to manage Azure subscriptions effectively. The resources and subscriptions assigned to a management group automatically inherit the conditions applied to the management group.

PreviousManage identities and governance in AzureNextAzure

Last updated 1 year ago