Implementing Azure Policy – Compliance and Cloud Governance

Implementing an Azure policy comprises three main parts: the policy definition, policy assignment and scoping, and policy evaluation. We will start with the policy definition.

Policy Definition

There are many built-in policies, and users can write custom policies. You can see the built-in policies by navigating to the Azure Portal

Scope (Where) – Compliance and Cloud Governance

Scope is not an unfamiliar word for us; you saw this term when we discussed management groups and policies. In RBAC, scope defines where exactly the security principal should have the permissions described in the role definition. Allowed scopes include management groups, subscriptions,

Role Assignment – Compliance and Cloud Governance

You already saw what a role assignment is theoretically when we studied the concepts related to Azure RBAC. In this section, you will be reusing the custom role you created in the previous exercise and assigning that role to a user. Once it’s assigned, you 

Resource Tags – Compliance and Cloud Governance

Resource tags can be used to logically organize the resources in your environment. Each tag is a key-value pair, where you add a name and a corresponding value. For example, if the key (name) of the tag is Environment, you could have

Virtual Networks – Virtual Networking

Whenever you are implementing infrastructure, the first thing you should think about isn't the virtual machine; it's the network. As mentioned earlier, the network is the fundamental building block that enables communication, and it requires the most planning. In Azure, virtual networks represent your own network in

Static and Dynamic Addressing 2 – Virtual Networking

Creating Virtual Networks

7. Click Review + Create, and your request will be validated. Once the validation has passed, you can click Create to create the resource. In Exercise 3.1, you created a virtual network with the address spaces 10.1.0.0/16 and 192.168.0.0/16. You also added two

Public IP Address – Virtual Networking

Public IP addresses are associated with a virtual machine NIC, a public load balancer, VPN gateways, application gateways, and any other resource that can be accessed from the Internet. Here, too, we can choose the allocation method to be static or dynamic. However, the availability of

User-Defined Routes 2 – Virtual Networking

Creating a Custom Route

7. After confirming the details, you can click OK, and the route will be added to the Routes blade of the route table. In short, this route will be applied to the private subnet with the address range 172.17.3.0/24, and all

Service Endpoints – Virtual Networking

The identity of a virtual network can be presented to an Azure service by using service endpoints. Many services support virtual network access, and with a service endpoint enabled, you can reach these services in a secure manner. The communication from your virtual network to

Private Endpoint – Virtual Networking

By implementing private endpoints, Azure PaaS services get a private IP address on your virtual network. Because the service is assigned a private IP address, whenever you send traffic to the PaaS resource, the traffic always stays within your virtual network. Private endpoints