
Building Automated Governance Using Code, Platform Services & Several Small Puppies


This session explores the Azure Scaffold that provides the framework to implement governance in Azure in an automated and enforceable manner.

Published in: Technology

  1. Rob Dendtler, Data Solution Architect, Microsoft
  2. Enterprise Enrollment: Account A, Subscription 1, Subscription 2, Subscription 3, Account B, Department A, Account C, Subscription 4, Department B
  5. Azure Resource Manager Policy introduction: { "if" : { <condition> | <logical operator> }, "then" : { "effect" : "deny | audit | append" } }
  6. Case Study: Toddbert Inc. Innovation Environment, Dev Environment, Prod Environment
  7. Service Catalog; Service Option Controls; Geographic Limits; Resource Locks; Tagging; Lifecycle & Automation; Archiving; Notifications; Dashboard; Integrations; To Do
  8. Resource Manager Policies: • Service Catalog • Service Option Controls • Geographic Limits • Tagging. Resource Locks. Test/Dev Labs: • Cost Management • Environment Automation. Azure Automation: • Lifecycle Management • Azure Automation. Azure Monitor: • Notifications Alerts (notification groups) • Dashboard • Integrations (Jira) • Archiving. Azure Security Centre: • Dashboards • Advanced Analysis
  9. { "if" : { <condition> | <logical operator> }, "then" : { "effect" : "deny | audit | append" } }. Logical operator syntax: Not "not" : {<condition or operator>}; And "allOf" : [ {<condition or operator>}, {<condition or operator>} ]; Or "anyOf" : [ {<condition or operator>}, {<condition or operator>} ]. Condition name and syntax: Equals "equals" : "<value>"; Like "like" : "<value>"; Contains "contains" : "<value>"; In "in" : [ "<value1>", "<value2>" ]; ContainsKey "containsKey" : "<keyName>"; Exists "exists" : "<bool>"
  10. • CanNotDelete: authorized users can still read and modify a resource, but they can't delete it. • ReadOnly*: authorized users can read from a resource, but they can't delete it or perform any actions on it. The permission on the resource is restricted to the Reader role. Lock scopes: • Subscription • Resource Group • Resource
  11. Demo: Azure Resource Policies
  12. Azure Security Center: Enable security at cloud speed; Gain visibility and control; Detect cyber threats; Integrate partner solutions
  13. Gain visibility and control: Provides a unified view of security across all your Azure subscriptions. Makes it easy to understand your security posture, including vulnerabilities and threats detected. Integrates security event logging and monitoring, including events from partners. APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools.
  14. Access security data in near real-time from your Security Information and Event Management (SIEM): Export Logs; Log Analytics / SIEM; Azure Diagnostics; Azure Storage; Rehydrate: "Forwarded Events", Flat files (IIS Logs), CEF formatted logs; Azure Log Integration; Standard Log Connector (ArcSight, Splunk, etc.); Azure APIs
  15. Enable agility with security: Tailors security recommendations based on the security policy defined for the subscription or resource group. Guides users through the process of remediating security vulnerabilities. Enables rapid deployment of security services and appliances from Microsoft and partners (firewalls, endpoint protection, and more).
  16. Prioritized recommendations take the guesswork out of security for resource owners
  17. Demo: Security Center
  18. Monitoring your environments. Hot path: enables real-time service feedback loop; example usage: service availability alerts (60s ingestion latency). Warm path: enables diagnostics capabilities; example usage: service degraded alerts, informational alerts (5m ingestion latency). Cold path: system & audit logging; example usage: statistics and reporting.
  19. Demo: Azure Monitor
  20. Azure Scaffold: ARM Policies; Azure Security Centre; Azure Monitor; Naming Guidance; Resource Locks
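As an added illustration of the policy grammar on slides 5 and 9 (not code from the talk), the evaluator below applies a constructed "geographic limits plus mandatory tag" policy to resource documents and returns the effect. The `field` selector that names the property under test is standard ARM policy syntax but does not appear on the slides; the policy, region names and resources are constructed samples.

```python
import fnmatch
import json

# Constructed sample policy in the slide's if/then syntax: deny a resource
# that is outside the allowed regions OR that has no costCenter tag.
POLICY = json.loads("""{
  "if": { "anyOf": [
    { "not": { "field": "location", "in": ["australiaeast", "australiasoutheast"] } },
    { "not": { "field": "tags", "containsKey": "costCenter" } }
  ] },
  "then": { "effect": "deny" }
}""")

def lookup(resource, field):
    """Resolve a dotted field such as 'tags.environment' against a resource dict."""
    value = resource
    for part in field.split("."):
        if not isinstance(value, dict):
            return None
        value = value.get(part)
    return value

def evaluate(node, resource):
    """Evaluate one condition or logical-operator node from the policy 'if' block."""
    if "not" in node:
        return not evaluate(node["not"], resource)
    if "allOf" in node:
        return all(evaluate(n, resource) for n in node["allOf"])
    if "anyOf" in node:
        return any(evaluate(n, resource) for n in node["anyOf"])
    value = lookup(resource, node["field"])
    if "equals" in node:
        return value == node["equals"]
    if "like" in node:  # wildcard match, e.g. "like": "Microsoft.Compute/*"
        return isinstance(value, str) and fnmatch.fnmatchcase(value, node["like"])
    if "contains" in node:
        return isinstance(value, str) and node["contains"] in value
    if "in" in node:
        return value in node["in"]
    if "containsKey" in node:
        return isinstance(value, dict) and node["containsKey"] in value
    if "exists" in node:  # accepts true/false as a bool or as the string "true"/"false"
        return (value is not None) == (node["exists"] in (True, "true"))
    raise ValueError(f"unknown condition: {node}")

def effect_for(policy, resource):
    """Return 'deny' / 'audit' / 'append' when the 'if' block matches, else None."""
    return policy["then"]["effect"] if evaluate(policy["if"], resource) else None
```

A resource created in an allowed region with the required tag yields `None` (no effect), which is the compliant path; a missing `tags` block is treated the same as a missing key.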