![EXPLANATION
Azure Policy
Azure LMNOEPQR
CSTUVWXPYEY
0Z[7]U^_
`a4bNcEdef7
$/);Ugh
Azure RBAC
Azure NOEPdij)
klmPUn;opq
Azure Resource Manager rd
stu"vwhcPSx
'yEzE`aU{|](https://image.slidesharecdn.com/20211216jazuglt-211216123236/85/Azure-Policy-Azure-RBAC-4-320.jpg)
!["policyRule": {
"if": {
"anyOf": [
{
"field": "type",
"like": "Microsoft.Compute/*"
},
{
"field": "type",
"like": "Microsoft.SqlVirtualMachine/*"
}
]
},
"then": {
"effect": "deny"
}
}
Deny to use IaaS to all -> Use Azure Policy
Azure Policy • NOEP‚ƒ U
„…7$`aU deny u9)†0
4‡ˆBM'=‰Š‹ŒU•Ž=
bNcEU‰Š
•pq•YEQ‘’“PlNQc
”F‘NOEP•YEQ•
klc”F•`a•M–—d˜™
Bo IaaS šŠGHU{—‡ˆ
WHY?](https://image.slidesharecdn.com/20211216jazuglt-211216123236/85/Azure-Policy-Azure-RBAC-7-320.jpg)
![Azure Policy 0 Azure RBAC M /?H§¨©¥ª«Š¬-
1. Azure Policy-
Azure Resource Manager '®u")NOEPMQRCST=¯¥°±²MNOE
PQR³´µEMQRCSTU„…7$]U^_¶
klc”F§`a¬•{—7B/§vG7=’EVPšŠ·¸B%•{—‡¬
¹4AºU»#v;=¹4AºU»<klmP¼‡U½#$/);d˜™Bo=
¾¿7vVWXPYEYU‰Š¶
2. Azure RBAC-
u8À8BPÁEQd¯H)n;/yEzEM`aUpq¶
yEzEMklc”F§`a¬U^_7={|iÂMÃÄ•klc”FU{—¶
3. rŘ™-
Azure Policy > Azure RBAC
Azure RBAC '¼‡u"$/$Æ Azure Policy 'µÇB~µÇ¶
Summary
https://docs.microsoft.com/ja-jp/azure/governance/policy/overview#azure-policy-and-azure-rbac
IJKLDI>=M)NOPIQQ](https://image.slidesharecdn.com/20211216jazuglt-211216123236/85/Azure-Policy-Azure-RBAC-14-320.jpg)
Azure Policy + Azure RBAC の導入に際して得たアレコレ
- 1. Azure Policy + Azure RBAC の導入に際して得たアレコレ ! "#$% &'()'$*+,-. /0.12 3-40$5+6+'(+ 7$89:; <=<>7><7>?
- 3. <:=>?@ABCDEFGH%IJ#$KKK Do everything with Azure RBAC ... really?
- 4. EXPLANATION Azure Policy Azure LMNOEPQR CSTUVWXPYEY 0Z[7]U^_ `a4bNcEdef7 $/);Ugh Azure RBAC Azure NOEPdij) klmPUn;opq Azure Resource Manager rd stu"vwhcPSx 'yEzE`aU{|
- 5. <:=>?};#v;~@•€KKK I kind of get it, so I'll pick one.
- 6. Deny to use IaaS to all 01 Which do you have to use, Azure Policy or Azure RBAC?
- 7. "policyRule": { "if": { "anyOf": [ { "field": "type", "like": "Microsoft.Compute/*" }, { "field": "type", "like": "Microsoft.SqlVirtualMachine/*" } ] }, "then": { "effect": "deny" } } Deny to use IaaS to all -> Use Azure Policy Azure Policy • NOEP‚ƒ U „…7$`aU deny u9)†0 4‡ˆBM'=‰Š‹ŒU•Ž= bNcEU‰Š •pq•YEQ‘’“PlNQc ”F‘NOEP•YEQ• klc”F•`a•M–—d˜™ Bo IaaS šŠGHU{—‡ˆ WHY?
- 8. Deny operating Azure Policy Which do you have to use, Azure Policy or Azure RBAC? 02
- 9. Deny operating Azure Policy -> Azure RBAC Azure Policy MNOEP‚ƒ• Microsoft.Authorization Microsoft.PolicyInsights ›œB•GH Write –—UžŸ bNcEU <0¡¢4`a£‡ Contributor 0; Reader 0;¤)¥¦ WHY?
- 10. Azure Policy Exclusion Settings exclusion setting? 03
- 11. Exclusion Settings (preview) Expiry date !"#$%&'()*+ ',-./012 Category ',-.3456789 ',:;<=<2>0? @A3-.012 BC'0D<=45EFGH COST !"#$%&''()*+, -./001234/56
- 12. Don't you need Azure RBAC? 04 No, of course not.
- 13. Which mechanism should be adopted? Azure Policy want to enforce the rule Azure RBAC want to allow or deny some of authority Purpose What you want to achieve as Azure Administrators WANT Thing you want to do
- 14. Azure Policy 0 Azure RBAC M /?H§¨©¥ª«Š¬- 1. Azure Policy- Azure Resource Manager '®u")NOEPMQRCST=¯¥°±²MNOE PQR³´µEMQRCSTU„…7$]U^_¶ klc”F§`a¬•{—7B/§vG7=’EVPšŠ·¸B%•{—‡¬ ¹4AºU»#v;=¹4AºU»<klmP¼‡U½#$/);d˜™Bo= ¾¿7vVWXPYEYU‰Š¶ 2. Azure RBAC- u8À8BPÁEQd¯H)n;/yEzEM`aUpq¶ yEzEMklc”F§`a¬U^_7={|iÂMÃÄ•klc”FU{—¶ 3. rŘ™- Azure Policy > Azure RBAC Azure RBAC '¼‡u"$/$Æ Azure Policy 'µÇB~µÇ¶ Summary https://docs.microsoft.com/ja-jp/azure/governance/policy/overview#azure-policy-and-azure-rbac IJKLDI>=M)NOPIQQ
- 15. CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, and infographics & images by Freepik. Please keep this slide for attribution. THANKS Does anyone have any questions?