azure-for-governance-and-compliance
Contents covered
Microsoft Purview
Azure policy
Resource locks
Service Trust portal
Microsoft Purview
Microsoft Purview is a family of data governance, risk, and compliance solutions that gives you a single, unified view of your data. It brings together insights about your on-premises, multicloud and SaaS data.
Microsoft Purview comprises two main solution areas: Risk and Compliance, and Unified Data Governance.
By managing and monitoring your data, Purview helps your organization:
Protect sensitive data across clouds, apps, and devices
Identify data risks and manage regulatory compliance requirements
Get started with regulatory compliance
Unified data governance can help you:
Create an up-to-date map of your entire data estate that includes data classification and end-to-end lineage
Identify where sensitive data is stored in your estate
Create a secure environment for data consumers to find valuable data
Generate insights about how your data is stored and used
Manage access to the data in your estate securely and at scale.
Azure Policy
Azure Policy is a service in Azure that enables you to create, assign and manage policies that control or audit your resources. These policies enforce rules across your resource configurations so that those configurations stay compliant with corporate standards.
Azure Policy lets you define both individual policies and groups of related policies, known as initiatives. Azure Policy evaluates your resources and highlights those that aren't compliant with the policies you created. Policy can also prevent non-compliant resources from being created.
Azure policies can be set at each level of the resource hierarchy, so you can set a policy on a specific resource, resource group, subscription and so on. Policies are also inherited: if you set a policy at a high level, it is automatically applied to all the groupings that fall within that parent.
Azure Policy comes with built-in policy and initiative definitions for storage, networking, compute, Security Center and monitoring.
In some cases, Azure Policy can automatically remediate non-compliant resources and configurations to ensure the integrity of the state of resources. For example, if all resources in a certain resource group should carry an appName tag with a specific value, Azure Policy will automatically apply that tag if it is missing. You still retain full control of your environment, however: if there is a specific resource that you don't want Azure Policy to fix automatically, you can flag that resource as an exception, and the policy won't automatically fix it.
Azure policy initiatives
An Azure Policy initiative is a way of grouping related policies together. The initiative definition contains all of the policy definitions needed to help track your compliance state for a larger goal.
For example, an initiative might include the following policy definitions:
Monitor unencrypted SQL database in security center
Monitor OS vulnerabilities in security center
Monitor missing endpoint protection in security center
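As an added example (constructed here, not code from the original notes or from Microsoft), the toy evaluator below mirrors the if/then shape of an Azure Policy definition and runs a small initiative of three made-up definitions against two made-up resources: the appName tag remediation described above, a deny rule for locations, and an audit rule, plus a resource flagged as an exception. The definition names, tag values, locations and the dotted field paths are assumptions; the real service resolves fields through aliases and applies remediation through a separate task rather than inline.

```python
"""Toy evaluator for a subset of the Azure Policy rule language (constructed
for illustration; it mirrors the policyRule if/then shape of real definitions
but is not the Azure engine, and every definition and resource here is made up)."""
import re

TAG_FIELD = re.compile(r"tags\['([^']+)'\]")


def get_field(resource, field):
    """Resolve a rule 'field': tags['key'] or a dotted path such as
    properties.publicNetworkAccess (real Azure uses aliases; this is simplified)."""
    m = TAG_FIELD.fullmatch(field)
    if m:
        return resource.get("tags", {}).get(m.group(1))
    node = resource
    for part in field.split("."):
        node = node.get(part) if isinstance(node, dict) else None
    return node


def condition_matches(cond, resource):
    """Evaluate an 'if' block: allOf / anyOf / not, or a single field test."""
    if "allOf" in cond:
        return all(condition_matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not condition_matches(cond["not"], resource)
    value = get_field(resource, cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "notEquals" in cond:
        return value != cond["notEquals"]
    if "in" in cond:
        return value in cond["in"]
    if "exists" in cond:  # Azure writes this as the strings "true"/"false"
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {cond}")


def evaluate_policy(definition, resource, exempt=False):
    """Return (state, resource). A resource flagged as an exception is left
    alone; the 'modify' effect returns a corrected copy instead of mutating."""
    if exempt:
        return "Exempt", resource
    rule = definition["properties"]["policyRule"]
    if not condition_matches(rule["if"], resource):
        return "Compliant", resource
    effect = rule["then"]["effect"].lower()
    if effect == "deny":
        return "Denied", resource
    if effect == "audit":
        return "NonCompliant", resource
    if effect == "modify":
        fixed = {**resource, "tags": dict(resource.get("tags", {}))}
        for op in rule["then"]["details"]["operations"]:
            key = TAG_FIELD.fullmatch(op["field"]).group(1)
            if op["operation"] == "addOrReplace" or key not in fixed["tags"]:
                fixed["tags"][key] = op["value"]  # "add" never overwrites
        return "Remediated", fixed
    raise ValueError(f"unsupported effect: {effect}")


def evaluate_initiative(initiative, resource):
    """An initiative is just a group of definitions; report each one's state."""
    return {d["name"]: evaluate_policy(d, resource)[0] for d in initiative}


# Constructed definitions shaped like real ones (names and values are made up).
ADD_APPNAME_TAG = {"name": "add-appName-tag", "properties": {"policyRule": {
    "if": {"field": "tags['appName']", "exists": "false"},
    "then": {"effect": "modify", "details": {  # a real one also lists roleDefinitionIds
        "operations": [{"operation": "add", "field": "tags['appName']", "value": "unassigned"}]}}}}}
ALLOWED_LOCATIONS = {"name": "allowed-locations", "properties": {"policyRule": {
    "if": {"not": {"field": "location", "in": ["westeurope", "northeurope"]}},
    "then": {"effect": "deny"}}}}
AUDIT_PUBLIC_STORAGE = {"name": "audit-public-storage", "properties": {"policyRule": {
    "if": {"allOf": [{"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                     {"field": "properties.publicNetworkAccess", "notEquals": "Disabled"}]},
    "then": {"effect": "audit"}}}}
BASELINE_INITIATIVE = [ADD_APPNAME_TAG, ALLOWED_LOCATIONS, AUDIT_PUBLIC_STORAGE]

# Constructed sample resources.
STORAGE_NO_TAG = {"name": "stlogs001", "type": "Microsoft.Storage/storageAccounts",
                  "location": "westeurope", "tags": {},
                  "properties": {"publicNetworkAccess": "Enabled"}}
VM_OUTSIDE_EU = {"name": "vm-eastus", "type": "Microsoft.Compute/virtualMachines",
                 "location": "eastus", "tags": {"appName": "payroll"}, "properties": {}}

if __name__ == "__main__":
    for res in (STORAGE_NO_TAG, VM_OUTSIDE_EU):
        print(res["name"], evaluate_initiative(BASELINE_INITIATIVE, res))
    print(evaluate_policy(ADD_APPNAME_TAG, STORAGE_NO_TAG)[1]["tags"])
```

Running it shows the three compliance outcomes side by side: the untagged storage account is remediated by the modify rule and audited as non-compliant for public network access, while the VM outside the allowed locations would be denied at creation time even though it carries the required tag.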
Resource Locks
A resource lock prevents a resource from being accidentally deleted or changed. Resource locks can be applied to individual resources, resource groups, or even an entire subscription. Resource locks are inherited: if you place a resource lock on a resource group, all of the resources within that resource group will also have the lock applied.
Types of Resource Locks
One that prevents users from deleting a resource
This means authorized users can still read and modify the resource, but they can't delete it.
One that prevents users from changing or deleting a resource
This means authorized users can read the resource, but they can't delete or update it.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
How to delete or change a locked resource?
To modify a locked resource, you must first remove the lock. After you remove the lock, you can apply any action you have permissions to perform. Resource locks apply regardless of RBAC permissions: even if you are an owner of the resource, you must still remove the lock before you can perform the blocked activity.
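As an added example (constructed here, not from the original notes or from Azure Resource Manager itself), this short model shows why an Owner still cannot delete a locked resource: RBAC is checked first, and then every lock at the resource or at an ancestor scope is applied, so the only way through is to remove the lock. CanNotDelete and ReadOnly are the real lock level names; the subscription id, resource group, role table and the scope-id parsing are assumptions.

```python
"""Toy model of Azure resource-lock evaluation (constructed for illustration;
not the Azure Resource Manager implementation). The lock level names
CanNotDelete and ReadOnly are real; scopes and the role table are made up."""
import re

# Which management actions each lock level blocks.
BLOCKED_BY = {"CanNotDelete": {"delete"}, "ReadOnly": {"delete", "update"}}

# Simplified role-to-action mapping (a stand-in for RBAC role definitions).
ROLE_ACTIONS = {"Owner": {"read", "update", "delete"},
                "Contributor": {"read", "update", "delete"},
                "Reader": {"read"}}

SCOPE_RE = re.compile(r"(/subscriptions/[^/]+)(/resourceGroups/[^/]+)?(/providers/.+)?",
                      re.IGNORECASE)


def scope_chain(resource_id):
    """Subscription, resource group and resource scopes from which a lock on
    this id could be inherited (outermost first)."""
    m = SCOPE_RE.fullmatch(resource_id)
    if not m:
        raise ValueError(f"not an ARM scope: {resource_id}")
    chain = [m.group(1)]
    if m.group(2):
        chain.append(m.group(1) + m.group(2))
    if m.group(3):
        chain.append(resource_id)
    return chain


def effective_locks(resource_id, locks):
    """All locks applied at the resource itself or at any ancestor scope."""
    chain = scope_chain(resource_id)
    return [(scope, level) for scope, level in locks.items() if scope in chain]


def check_action(role, action, resource_id, locks):
    """RBAC is checked first; locks then apply regardless of role, so even an
    Owner is refused until the lock is removed. Returns (allowed, reason)."""
    if action not in ROLE_ACTIONS[role]:
        return False, f"RBAC: {role} may not {action}"
    for scope, level in effective_locks(resource_id, locks):
        if action in BLOCKED_BY[level]:
            return False, f"{level} lock at {scope} blocks {action}; remove it first"
    return True, "allowed"


def remove_lock(scope, locks):
    """Removing the lock is a separate step; return the lock map without it."""
    return {s: lvl for s, lvl in locks.items() if s != scope}


# Constructed scopes (the subscription id is a placeholder).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-prod"
STORAGE = RG + "/providers/Microsoft.Storage/storageAccounts/stprod001"

if __name__ == "__main__":
    locks = {RG: "CanNotDelete"}          # applied to the group, inherited by stprod001
    print(check_action("Owner", "delete", STORAGE, locks))
    print(check_action("Owner", "update", STORAGE, locks))
    locks = {**locks, SUB: "ReadOnly"}    # a ReadOnly lock higher up also blocks updates
    print(check_action("Owner", "update", STORAGE, locks))
    print(check_action("Owner", "delete", STORAGE, remove_lock(RG, remove_lock(SUB, locks))))
```

The walk-through in the main block mirrors the notes above: a CanNotDelete lock on the resource group stops an Owner deleting the storage account but not updating it, a ReadOnly lock at the subscription then blocks updates as well, and only after both locks are removed does the Owner's RBAC permission take effect again.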
Service Trust portal
The Service Trust Portal provides access to various content, tools and other resources about Microsoft security, privacy, and compliance practices. It contains details about Microsoft's implementation of the controls and processes that protect its cloud services and customer data.
Service Trust Portal reports and documents are available to download for at least 12 months after publishing or until a new version of the document becomes available.