Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[Azure Governance] Lesson 4 : Azure Policy

1,119 views

Published on

This is the Lesson 4 of the "Azure Governance - Free training" serie.

This document presents Azure Policy in-depth and lists all key items you should now when designing your Azure Policy Model.

Finally, the document describes all methods/tools (GUI & CLI) you can use to create, manage and assign Policy (Definition and Initiative Definition) to your Azure environment.

Creating and using a Custom Policies is also detailed on this document.

Published in: Technology
  • Be the first to comment

[Azure Governance] Lesson 4 : Azure Policy

  1. 1. Module 4 Azure Policy Azure Free Training Azure Governance Model By Hicham KADIRI May 18, 2019 A K&K Group Company
  2. 2. Contoso Ltd. About me Microsoft MVP • Windows Expert-IT Pro (2014-2015) • Cloud and Datacenter Management (2016) • Enterprise Mobility /RDS (2017) • CDCM /Microsoft Azure (2018) • Microsoft Azure (2019) Founder @BecomeITExpert.com Co-Founder @K&K Group Think {Cloud /DevOps /Security} IT Author (+10 eBooks) • Azure CLI 2.0 & Azure Advisor Pocket Consultant • RDS 2012 R2 and 2016 Pocket Consultant • RDS & OS Security & Hardening guide • GPO, PowerShell, AppLocker … Lead Cloud Architect /Az Expert • Working for several large companies and international group including Thales, Areva, Rabobank, Gemalto, Vinci, CE, BP…etc IT Blogger • hichamkadiri.wordpress.com • AskTheCloudExpert.wordpress.com • ~2millions views ☺ /hicham_kadiri /in/hichamkadiri TechNet Contributor (Top 0,5%) • MTFC (Microsoft Technical French Contributor) • MCC (Microsoft Community Contributor) Hicham KADIRI (aka #HK)
  3. 3. Document Objectives • Reminder about Azure Governance • Explains the importance of Policies in the Microsoft Azure environment • Keys Concepts You Should Know • Azure Policy VS Azure RBAC • Azure Policy : Requirements • Azure Policy : Limitations • Azure Policy : Best Practices • Required Rights for Azure Policies • List of Built-in Azure Policy • Recommended Azure Policies • Azure GUI & CLI Tools you can use to assign and manage Azure Policies • DEMO : HowTo assign and manage policies and initiatives Policies
  4. 4. Contoso Ltd. Reminder about Azure Governance #HK
  5. 5. Contoso Ltd. #HK
  6. 6. Contoso Ltd. Azure Policy Why it’s important ? #HK
  7. 7. Contoso Ltd. Microsoft Azure Policy What is it and Why it’s important ? • Azure Policy is a Powerful Cloud service you can use to enforce “Security by design” principle on your Azure environment by applying your corporate security standards and enforcing different rules and effects over your resources so those resources stay compliant with your security policies and service level agreements. • Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. • Azure Policy must be defined in your global Azure Governance Document when designing your target Azure environment. • Azure Policy is an important component of the global Azure Governance model that you need to define at the beginning of any Azure Project. #HK
  8. 8. Contoso Ltd. Microsoft Azure Policy Examples /Real-world scenarios ! • For example, you can use Azure Policy to : • Allow only a certain SKU size of Virtual Machines (VM) in your Azure environment. ▪ Once this policy has been implemented, it will then be evaluated when creating and updating resources, as well as over your already existing resources • Restrict the Public IP Creation to avoid any security risk to the VM Exposition (to Internet) ! • Enforce some Azure Tags : EnvironmentType /ResourceOwner /CostCenter… • Allow Azure Resources deployment to specific Location (Regions) ▪ eg : VMs can be only deployed in West Europe Region ! #HK
  9. 9. Contoso Ltd. Azure Policy Keys Concepts /Components You Should Know #HK
  10. 10. Contoso Ltd. Microsoft Azure Policy Key Concepts /Components You Should Know [Part 1] • There are several components associated to Azure Policy, especially : • Policy Definition : The journey of creating and implementing a policy in Azure Policy begins with creating a policy definition. Every policy definition has conditions under which it is enforced. And, it has an accompanying effect that takes place if the conditions are met. • Policy Assignment : A policy assignment is a policy definition that has been assigned to take place within a specific scope. This scope could range from a management group to a resource group. The term scope refers to all the resource groups, subscriptions, or management groups that the policy definition is assigned to. Policy assignments are inherited by all child resources. This means that if a policy is applied to a resource group, it is applied to all the resources in that resource group. However, you can exclude a sub-scope from the policy assignment. • Policy Parameters :Policy parameters help simplify your policy management by reducing the number of policy definitions you must create. You can define parameters when creating a policy definition to make it more generic. Then you can reuse that policy definition for different scenarios. You do so by passing in different values when assigning the policy definition. For example, specifying one set of locations for a subscription. #HK
  11. 11. Contoso Ltd. Microsoft Azure Policy Key Concepts /Components You Should Know [Part 2] • Initiative Definition : An initiative definition is a collection of policy definitions that are tailored towards achieving a singular overarching goal. Initiative definitions simplify managing and assigning policy definitions. They simplify by grouping a set of policies as one single item. For example, you could create an initiative titled “Secure Azure VM”, under this Initiative you can group Policy Definitions such “Allowed VM SKUs, Restrict IP Public Interface, Enforce Managed Disks, Enforce use of Hybrid Benefit…etc” • Initiative Assignment : Like a policy assignment, an initiative assignment is an initiative definition assigned to a specific scope. Initiative assignments reduce the need to make several initiative definitions for each scope. This scope could also range from a management group to a resource group. From the preceding example, the “Secure Azure VM” initiative can be assigned to different scopes. • Initiative Parameters : Like policy parameters, initiative parameters help simplify initiative management by reducing redundancy. Initiative parameters are essentially the list of parameters being used by the policy definitions within the initiative. #HK
  12. 12. Contoso Ltd. Microsoft Azure Policy Key Concepts /Components You Should Know [Part 3] • Keep in mind that a policy re-evaluation happens about once an hour, which means that if you make changes to your policy definition (or initiative definition) after implementing the policy (creating a policy assignment or initiative assignment) it will be re-evaluated over your resources within the hour. #HK
  13. 13. Contoso Ltd. Azure Policy VS Azure RBAC #HK
  14. 14. Contoso Ltd. Microsoft Azure Policy Azure Policy vs Azure RBAC • There are a few key differences between Azure Policy and RBAC (Role-Based Access Control) • Azure RBAC focuses on user actions at different scopes : • eg : you might be added to the contributor role for a resource group, allowing you to make changes to that resource group. • Azure Policy focuses on resource properties during deployment and for already existing resources. • Policy controls properties such as the types or locations of resources. Unlike RBAC, Policy is a default allow and explicit deny system. #HK
  15. 15. Contoso Ltd. Azure Policy Requirements #HK
  16. 16. Contoso Ltd. Microsoft Azure Policy Requirements • To be able to display Compliance Data, please ensure that your subscription is registered with the Policy Resource Provider : Microsoft.PolicyInsights • From Azure Portal > Your Subscription > Resource Provider > Search for “Microsoft.PolicyInsights > Click on “Register” #HK
  17. 17. Contoso Ltd. Microsoft Azure Policy Tip : Register Policy Resource Provider using Az CLI or Az PS Module • Register Microsoft.PolicyInsights resource Provider via Azure CLI 2.0 • Register Microsoft.PolicyInsights resource Provider via Az PowerShell Module #HK
  18. 18. Contoso Ltd. Azure Policy Limitations #HK
  19. 19. Contoso Ltd. Microsoft Azure Policy Limitations • There's a maximum count for each object type for Azure Policy. An entry of Scope means either the subscription or the Azure management group. • Refer to the following table to read more about Azure Policy limitations #HK Where What Maximum count Scope Policy Definitions 250 Scope Initiative Definitions 100 Tenant Initiative Definitions 1,000 Scope Policy or initiative assignements 100 Policy Definitions Parameters 20 Initiative Definitions Policies 100 Initiative Definitions Parameters 100 Policy or initiative Assignements Exclusions (notScopes) 250 Policy rule Nested Conditionals 512
  20. 20. Contoso Ltd. Azure Policy Best Practices #HK
  21. 21. Contoso Ltd. Microsoft Azure Policy Best Practices • While creating and managing policy definitions and assignments, here are a few “Best Practices” and “Recommendations” to keep in mind: • If you are creating policy definitions in your environment, we recommend starting with an audit effect, as opposed to a deny effect, to keep track of the impact of your policy definition on the resources in your environment. • It is important to keep organizational hierarchies in mind when creating definitions and assignments. We recommend creating definitions at a higher level, for example at the management group or subscription level, and assigning at the next child level. For example, if you create a policy definition at the management group level, a policy assignment of that definition can be scoped down to a subscription level within that management. • We recommend always using initiative definitions instead of policy definitions, even if you only have one policy in mind. For example, if you want to assign several Policy Definitions to secure your IaaS VM, you can simply create and assign one “Initiative Definition” that group all your Policy Definitions. ▪ Eg : One Initiative Definition named “Secure My VMs” to which you add “Restrict Public IP /enforce Hybrid Benefit /enforce use of Managed Disk” to it. You will then assign this initiative instead of all your Policy Definitions. • Keep in mind that once you have created an initiative assignment from an initiative definition, any new policy definitions added to the initiative definition automatically roll under the initiative assignment(s) under that initiative definition. #HK
  22. 22. Contoso Ltd. Azure Policy List of Built-in Policies and Initiatives Definitions #HK
  23. 23. Contoso Ltd. Microsoft Azure Policy List of Built-in Policies Definitions • In Azure Policy, Microsoft offers some built-in policies that are available to you by default. • Require SQL Server 12.0: This policy definition has conditions/rules to ensure that all SQL servers use version 12.0. Its effect is to deny all servers that do not meet these criteria. • Allowed Storage Account SKUs: This policy definition has a set of conditions/rules that determine if a storage account that is being deployed is within a set of SKU sizes. Its effect is to deny all storage accounts that do not adhere to the set of defined SKU sizes. • Allowed Resource Type: This policy definition has a set of conditions/rules to specify the resource types that your organization can deploy. Its effect is to deny all resources that are not part of this defined list. • Allowed Locations: This policy enables you to restrict the locations that your organization can specify when deploying resources. Its effect is used to enforce your geo-compliance requirements. • Allowed Virtual Machine SKUs: This policy enables you to specify a set of virtual machine SKUs that your organization can deploy. • Apply tag and its default value: This policy applies a required tag and its default value, if it is not specified by the user. • Enforce tag and its value: This policy enforces a required tag and its value to a resource. • Not allowed resource types: This policy enables you to specify the resource types that your organization cannot deploy. #HK
  24. 24. Contoso Ltd. Microsoft Azure Policy List of Built-in Policies and Initiatives Definitions #HK • To view all Built-in Policy and Initiatives Definitions, from “Policy” pane, click on “Definitions” • There are today : • 171 Policies Definitions • 23 Initiatives Definitions This Built-in Policies and initiatives are created by Microsoft to are ready to be used to help with common needs in Cloud.
  25. 25. Contoso Ltd. Microsoft Azure Policy Custom Policies #HK • Custom definitions are built by you. All Azure policies are JSON so writing custom polices is similar to writing ARM templates. Here is an example of an Custom Policy Definition : { "if": { "anyOf": [ { "source": "action", "like": "Microsoft.Network/publicIPAddresses/*" } ] }, "then": { "effect": "deny" } }
  26. 26. Contoso Ltd. Azure Policy Required « Rights » #HK
  27. 27. Contoso Ltd. Microsoft Azure Policy Required “Rights” • Azure Policy has permissions represented as operations in two different Resource Providers: • Microsoft.Authorization • Microsoft.PolicyInsight Important Note Several of the Built-in roles have various levels of permission to Azure Policy resources, such as: • Security Admin that can manage policy assignments and definitions but cannot view compliance information • Reader that can read details regarding policy assignments and definitions, but cannot make changes or view compliance information. • Owner has full rights • Contributor does not have any Azure Policy permissions. #HK
  28. 28. Contoso Ltd. Microsoft Azure Policy List of Actions : Scope “Microsoft.Authorization” #HK Action Description Microsoft.Authorization/policyAssignments/delete Delete a policy assignment at the specified scope. Microsoft.Authorization/policyAssignments/read Get information about a policy assignment. Microsoft.Authorization/policyAssignments/write Create a policy assignment at the specified scope. Microsoft.Authorization/policyDefinitions/delete Delete a policy definition. Microsoft.Authorization/policyDefinitions/read Get information about a policy definition. Microsoft.Authorization/policyDefinitions/write Create a custom policy definition. Microsoft.Authorization/policySetDefinitions/delete Delete a policy set definition. Microsoft.Authorization/policySetDefinitions/read Get information about a policy set definition. Microsoft.Authorization/policySetDefinitions/write Create a custom policy set definition.
  29. 29. Contoso Ltd. Microsoft Azure Policy List of Actions : Scope “Microsoft.PolicyInsights” #HK Action Description Microsoft.PolicyInsights/policyEvents/queryResults/action Query information about policy events. Microsoft.PolicyInsights/policyEvents/queryResults/read Query information about policy events. Microsoft.PolicyInsights/policyStates/queryResults/action Query information about policy states. Microsoft.PolicyInsights/policyStates/queryResults/read Query information about policy states. Microsoft.PolicyInsights/policyStates/summarize/action Query summary information about policy latest states. Microsoft.PolicyInsights/policyStates/summarize/read Query summary information about policy latest states. Microsoft.PolicyInsights/policyStates/triggerEvaluation/action Triggers a new compliance evaluation for the selected scope. Microsoft.PolicyInsights/policyTrackedResources/queryResults/read Query information about resources required by DeployIfNotExists policies.
  30. 30. Contoso Ltd. Azure Policy Recommended « Policies » ! #HK
  31. 31. Contoso Ltd. Microsoft Azure Policy Recommended Policies you Should implement [Part 1] • Here are some recommended Policies you can use for your Azure environment : #HK Policy Name Type Description Scope Allowed Locations Built-in This Built-in Policy helps you restricting Azure Regions where resource can be deployed Subscription or RG Allowed Locations for Resource Groups Built-in This Built-in Policy helps you restricting Azure Regions where resource groups can be deployed Subscription Allowed VM SKUs Built-in This Built-in Policy helps you defining a specific VM SKUs that can be deployed Subscription Restrict Public IP Custom This Custom Policy helps you restricting the Public IP creation Subscription or RG Enforce Managed Disks Custom This Custom Policy enforces the use of Managed Disks Subscription Enforce Hybrid Benefit Custom This Custom Policy enforces the use of Azure Hybrid Benefit Subscription Enforce specific Tags Built-in This Built-in Policy enforces the use of a specific Tags Subscription or RG Allowed Custom Images Custom This Custom Policy enforces the use of a specific VM Image Subscription or RG Not allowed VM Extension Custom This Custom Policy helps you define VM extensions blacklist Subscription or RG Ensure Storage File Encryption Custom This Custom Policy enforces the Storage file Encryption Subscription
  32. 32. Contoso Ltd. Microsoft Azure Policy Recommended Policies you Should implement [Part 2] • Here are some recommended Policies you can use for your Azure environment : #HK Policy Name Type Description Scope Allowed VM Deployment (VM Image) from a specific Resource Group Custom This policy helps you enforce the VM Deployment source. You can use it if you want to enforce the use of a specific Azure Images that are hosted/grouped on a specific Resource Group. Subscription or RG Restrict the Deployment of the Network service (VNET, NSG..) to a specific Resource Group Custom This policy helps you restrict the Network service deployment to a specific resources. This allows you to centralize the location of VNET/NSG/VPN Gateway and place it into a specific RG that you can secure (RBAC) and monitor. Subscription or RG Audit minimum number of owners for subscription Built-in This Policy helps you designate more than one subscription owner in order to have administrator access redundancy Subscription Audit maximum number of owners for a subscription Built-in This Policy helps you designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner. Subscription Audit accounts with owner permissions who are not MFA enabled on a subscription Built-in Using this Policy, you will be able to identify all Owner Accounts without Multi-Factor Authentication (MFA) enabled, this helps you prevent a breach of accounts or resources. Subscription
  33. 33. Contoso Ltd. Azure Policy Samples GitHub Repository #HK
  34. 34. Contoso Ltd. Azure Policy Samples GitHub Repository • There are several Azure Policy Samples available from Github. • The full list of these Azure Policies samples is available here : https://github.com/Azure/azure- policy/tree/master/samples • The Custom Policies listed on the previous tables are available from this Github repository #HK
  35. 35. Contoso Ltd. Azure GUI & CLI Tools you can use To assign and manage Policy Definition or Initiative Definition #HK
  36. 36. Contoso Ltd. Azure GUI & CLI Tools you can use To assign and manage Azure Policies • Azure Policy Definitions and Initiative Definitions can be assigned and managed using different GUI & CLI Tools : • GUI : ▪ Azure Portal • CLI ▪ Windows PowerShell (using AzureRM Module) ▪ Azure CLI 2.0 #HK
  37. 37. Contoso Ltd. Azure GUI & CLI Tools you can use To assign and manage Azure Policies • Azure Policy can also be assigned and managed using REST API interface • Refer to the following links to read more : https://docs.microsoft.com/fr-fr/rest/api/resources/policyassignments https://docs.microsoft.com/fr-fr/rest/api/resources/policydefinitions https://docs.microsoft.com/fr-fr/rest/api/resources/policysetdefinitions #HK
  38. 38. Contoso Ltd. HowTo Manage Azure Policies #HK
  39. 39. Contoso Ltd. Manage Azure Policies using Azure Portal
  40. 40. Contoso Ltd. HowTo #1 [Part1] Manage Azure Policies using Azure Portal #HK • First of all, launch the Azure Policy service in the Azure portal by clicking All services, then searching for and selecting Policy. Click on “Star” icon to add “Policy” as a Favorite Service so that can be always displayed on the left pane
  41. 41. Contoso Ltd. HowTo #1 [Part2] Manage Azure Policies using Azure Portal • Now we will assign a Built-in Policy named “Audit VMs that do not use managed disks” and applied it at Subscription level (Visual Studio Premium avec MSDN in the following example) • Click on “Policy” > “Assignments” > click “Assign policy” #HK
  42. 42. Contoso Ltd. HowTo #1 [Part3] Manage Azure Policies using Azure Portal • Click on … next to “Policy definition”, type “Managed” in the search box and select “Audit VMs that do not use managed disks” definition, then click “Select” • By default, an Assignment Name is the same as Policy definition name, change it if required ○ Finally, click “Assign” to assign the Definition #HK
  43. 43. Contoso Ltd. HowTo #1 [Part4] Manage Azure Policies using Azure Portal • The new assigned policy definition is now displayed under “Assignments” #HK
  44. 44. Contoso Ltd. HowTo #1 [Part5] Manage Azure Policies using Azure Portal • An Hour laler, you can view Compliance Data (from Compliance Blade) and check if all you VM are “Compliant”, it means that All VMs are using Managed Disks. • In the following example, we can see that there are two resources (two VMs) that are not “Compliant” with the assigned Policy definition (Audit VMs without managed disk” #HK
  45. 45. Contoso Ltd. HowTo #1 [Part6] Manage Azure Policies using Azure Portal • Click on your “Policy assignment” to view all Non-Compliant Resources (VM) #HK
  46. 46. Contoso Ltd. HowTo #1 [Part7] Manage Azure Policies using Azure Portal • To assign an initiative Definition, click on “Assign initiative” : #HK
  47. 47. Contoso Ltd. HowTo #1 [Part8] Manage Azure Policies using Azure Portal • Click on .. And then select your Initiative Definition. Follow the same instructions detailed previously regarding a Policy Assignment #HK
  48. 48. Contoso Ltd. HowTo #1 [Part9] Manage Azure Policies using Azure Portal • To create a Custom Policy Definition, you need first to create its JSON file and then deploy it to your Subscription policies store. • The following JSON file allows you to create a new Custom Policy Definition to restrict the deployment of Public IP Address. This Custom Policy becomes very useful if you want to reduce the surface attack on your VM by restricting the VM Exposition to Internet #HK • JSON Code { "if": { "anyOf": [ { "source": "action", "like": "Microsoft.Network/publicIPAddresses/*" } ] }, "then": { "effect": "deny" } }
  49. 49. Contoso Ltd. HowTo #1 [Part10] Manage Azure Policies using Azure Portal • All instructions you need to follow to successfully create and deploy this Custom Policy Definition (Public IP Restriction) are detailed in the following Blog Post : ○ https://hichamkadiri.wordpress.com/20 18/11/15/azure-policy-tip-of-the-week- bloquer-la-creation-des-adresses-ip- publique-public-ip-sur-vos- environnements-azure/ #HK
  50. 50. Contoso Ltd. HowTo #1 [Part11] Manage Azure Policies using Azure Portal • To delete a specific Policy or initiative definition assignment, click on “…” and select “Delete assignment” #HK
  51. 51. Contoso Ltd. Manage Azure Policies using the new Az PS Module
  52. 52. Contoso Ltd. HowTo #2 [Part1] Manage Azure Policies using the new Az PowerShell Module • To assign a Built-in Policy Definition using the New Az PowerShell Module, run the following command. • In the following example, the same Built-in policy definition (Audit VMs that do not use managed disks) will be assigned: #HK
  53. 53. Contoso Ltd. Useful Info /Tip Policy Definition Name Parameter • The –Name Parameter must be configured with an Id value of your Policy Definition. • To get the Policy Definition Id, just click-on it from the Definitions Balde, and copy/paste and Resource id #HK
  54. 54. Contoso Ltd. HowTo #2 [Part2] Manage Azure Policies using the new Az PowerShell Module • To list/get all existing Policy assignments, run the following PS command : #HK
  55. 55. Contoso Ltd. HowTo #2 [Part3] Manage Azure Policies using the new Az PowerShell Module • Tu delete a Policy assignment, run the following PS command : #HK
  56. 56. Contoso Ltd. HowTo #2 [Part4] Manage Azure Policies using the new Az PowerShell Module • To create a Custom Policy using Az PowerShell Module, the following PS command are used. • In the following example, a new Custom Policy that restrict the Public IP creation will be created: #HK
  57. 57. Contoso Ltd. Useful Link Programmatically create policies and view compliance data • This article walks you through programmatically creating and managing policies. Policy definitions enforce different rules and effects over your resources : https://docs.microsoft.com/en-us/azure/governance/policy/how- to/programmatically-create #HK
  58. 58. Contoso Ltd. Manage Azure Policies using Azure CLI 2.0
  59. 59. Contoso Ltd. HowTo #3 [Part1] Manage Azure Policies using Azure CLI 2.0 • To assign a Built-in Policy Definition using Azure CLI 2.0, run the following Az CLI command. • In the following example, the same Built-in policy definition (Audit VMs that do not use managed disks) will be assigned: #HK
  60. 60. Contoso Ltd. Useful Info /Tip Policy Definition Name Parameter • The --Name Parameter must be configured with an Id value of your Policy Definition. • To get the Policy Definition Id, just click-on it from the Definitions Balde, and copy/paste and Resource id #HK
  61. 61. Contoso Ltd. HowTo #3 [Part2] Manage Azure Policies using Azure CLI 2.0 • To list/get all existing Policy assignments, run the following Az CLI command : #HK
  62. 62. Contoso Ltd. HowTo #3 [Part3] Manage Azure Policies using Azure CLI 2.0 • Tu delete a Policy assignment, run the following Az CLI command : #HK
  63. 63. Contoso Ltd. Manage Policies using Az CLI & Az Module Useful Links #HK
  64. 64. Contoso Ltd. Manage Policies using Az CLI & Az Module Useful Links • Here are some useful links if you want to read more about assigning and managing Azure Policies using Azure CLI 2.0 and the new Az PowerShell Module • Manage Azure Policy via Azure CLI 2.0 • https://docs.microsoft.com/en-us/cli/azure/policy?view=azure-cli-latest • Manage Azure Policy via Az PowerShell Module • https://docs.microsoft.com/bs-cyrl-ba/azure//governance/policy/assign-policy- powershell #HK
  65. 65. Contoso Ltd. Do you have any Azure Project (Design/Security/Migration)? If yes, feel free to contact us Your Contacts Hicham KADIRI Lead Cloud Architect /Azure Advisor & Microsoft MVP hicham.kadiri@k-nd-k-group.com +33 (0)6 52 97 72 84 Mohsine CHOUGDALI Key Account Manager mohsine.chougdali@k-nd-k-group.com +33 6 66 26 55 15 A K&K Group Company
  66. 66. Contoso Ltd. #HK o_O /hicham_kadiri /in/hichamkadiri Subscribe to my Blog hichamkadiri.wordpress.com
  67. 67. Contoso Ltd. End of Lesson Hope this Helps ☺

×