Implementing Azure Policy – Compliance and Cloud Governance

Implementing an Azure policy comprises three main parts. We will start with the policy definition, policy assignment and scoping, and policy evaluation. Policy Definition There are many built-in policies, and users can write custom policies. You can see built-in policies by navigating to Azure Portal 

Azure Classic Roles vs. Azure RBAC Roles vs. Azure AD Roles – Compliance and Cloud Governance

If you are new to Azure, you will find it a little confusing to understand the distinct roles in Azure and how they are different. When Azure was released, the RBAC roles were not there. We had something called the classic subscription administration roles. There 

Resource Locks – Compliance and Cloud Governance

Sometimes performing actions without caution will lead to accidental deletion or modification of mission-critical workloads that you have in your environment. In Azure, administrators can use locks to lock a subscription, resource group, or resource from getting deleted or modified. The lock will override any 

Applying Tags – Compliance and Cloud Governance

As mentioned earlier, tags can be applied at the subscription, resource group, or resource level. You can always search for Tags in the Azure portal, and the portal will list all tags that are there in your environment, as shown in Figure 2.26. FIGURE 2.26 

Regions – Virtual Networking

In Chapter 2, “Compliance and Cloud Governance,” you learned what Azure regions are and what role they play in resource deployment and data residency. In the case of virtual networks, they are always scoped to a single region or location. Nevertheless, this doesn’t stop 

Static and Dynamic Addressing 2 – Virtual Networking

 Creating Virtual Networks 7. Click Review + Create, and your request will be validated. Once the validation is passed, you can click Create to create the resource. In Exercise 3.1, you created a virtual network with address spaces 10.1.0.0/16 and 192.168.0.0/16. You also added two 

Network Routes – Virtual Networking

Network routes or route tables have existed in traditional networks for an exceptionally long time. The routes that are part of the route table decide how to direct a packet to the destination or, in other words, determine which is the next hop the resource 

User-Defined Routes – Virtual Networking

Using system routes, Azure automatically handles all packet routing. As mentioned earlier, users can always override these routes using user-defined routes (UDRs). To give an example of routing, assume we have three subnets inside a virtual network. The subnets are the public subnet, DMZ subnet, 

Service Endpoints – Virtual Networking

The identity of a virtual network can be provided to the Azure service by using service endpoints. Many services support virtual network access, and with the service endpoint enabled, you can access these services in a secure manner. The communication from your virtual network to 

Azure DNS – Virtual Networking

We are familiar with the DNS servers that we used to administer on-premises. Some organizations used Windows Server as the server for hosting DNS zones, while others used BIND-based solutions. There are other third-party solutions that are used to manage DNS zones and records. In