Implementing Azure Policy – Compliance and Cloud Governance

Implementing an Azure policy comprises three main parts: policy definition, policy assignment and scoping, and policy evaluation. We will start with the policy definition. Policy Definition: There are many built-in policies, and users can write custom policies. You can see built-in policies by navigating to Azure Portal 

Role-Based Access Control – Compliance and Cloud Governance

Role-based access control (RBAC) is used for the access management of cloud resources. This is a critical function for any organization as we do not want unauthorized users to access our resources. You can follow the principle of least privilege and assign RBAC roles to 

Custom RBAC Roles – Compliance and Cloud Governance

Using custom RBAC roles, we can create fine-tuned roles that match our organizational needs. This customization offered by Azure RBAC is a boon for administrators. We can combine multiple roles and create a single role, or we can take a built-in role as a baseline 

Configuring Locks – Compliance and Cloud Governance

From the Azure portal, you can add/delete locks by following the instructions in this section. You can also add/delete locks from Azure PowerShell, the Azure CLI, ARM templates, and the REST API. The first step in assigning a lock is to understand which scope you 

Virtual Networks – Virtual Networking

Whenever you are implementing infrastructure, the first thing you should think about isn’t the virtual machine; it’s the network. As mentioned earlier, the network is the fundamental building block that enables communication and requires the most planning. In Azure, virtual networks represent your own network in 

Regions – Virtual Networking

In Chapter 2, “Compliance and Cloud Governance,” you learned what Azure regions are and what role they play in resource deployment and data residency. In the case of virtual networks, they are always scoped to a single region or location. Nevertheless, this doesn’t stop 

Static and Dynamic Addressing – Virtual Networking

IP addresses can be assigned or allocated in two ways, statically or dynamically. On-premises, we had a similar concept of fixed IP addresses for our resources; a static IP address follows the same logic. With statically assigned IP addresses, the IP addresses do not 

User-Defined Routes 2 – Virtual Networking

Creating a Custom Route 7. After confirming the details, you can click OK, and the route will be added to the Routes blade of the routing table. In short, this route will be applied to the private subnet with the address range 172.17.3.0/24, and all 

User-Defined Routes – Virtual Networking

Using system routes, Azure automatically handles all packet routing. As mentioned earlier, users can always override these routes using user-defined routes (UDRs). To give an example of routing, assume we have three subnets inside a virtual network. The subnets are the public subnet, DMZ subnet, 

Service Endpoints – Virtual Networking

The identity of a virtual network can be provided to the Azure service by using service endpoints. Many services support virtual network access, and with the service endpoint enabled, you can access these services in a secure manner. The communication from your virtual network to