SlideShare a Scribd company logo

AzurePolicy DevOps Pune Feb23

Rahul Khengare, profile picture
Rahul Khengare

This document summarizes a presentation about Azure Policy. It discusses: - The benefits and concerns of cloud computing that create a need for cloud governance and security practices - What Azure Policy is and how it works to assess and enforce enterprise standards across Azure resources through "policy as code" - The different types of Azure policies including audit, preventative, and remediation policies - Examples of governance needs that can be addressed through Azure policies around security, compliance, operations, and cost management

Technology
1 of 19
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Azure Policy Rahul Khengare 11th Feb 2023 DevOps-Pune Meetup Group
About Me Sr. Staff Engineer, Zscaler ◎ Cloud Security/DevOps/DevSecOps/SRE ◎ Blogger (oss-world, thesecuremonk) ◎ Co-Organizer ○ DevOps-Pune, DevSecOps-Pune ◎ Open Source Software and CIS Contributor ◎ Past Organization: Cloudneeti, Motifworks, NTT Data ◎ https://www.linkedin.com/in/rahulkhengare
Agenda ◎ Cloud benefits and Concerns ◎ Need for Cloud governance and Security ◎ What is Azure Policy Framework ◎ Types of Azure Policies ◎ How Azure Policy works ◎ Cloud Governance needs ◎ Demo
What Governance and Security practices you follow?
Some Known Practices ◎ RBAC ◎ Tags ◎ Network/Firewall/Encryptions/Private Endpoints ◎ Different Security tools with ○ Detective policies ○ Preventative Controls ◎ Cost Management ◎ Security audits ◎ Many More …
Cloud Benefits and Concerns Benefits Speed Agility Ease E.g. 1000+ Virtual machine can be created in 5-10 min using automation Concerns Who is created resources? Who is using resources? Who has the access? Are resources secure? Are we protecting sensitive data? Cost Surprises
“ Through 2025, 99% of cloud security failures will be the customerʼs fault - Gartner
What drives your need for policy enforcement? ◎ Maintain security and performance consistency ◎ Regulatory Compliance ◎ Enforce enterprise-wide design principles ◎ Controlling cost
Azure Policy What it is? How it works? Different Types
What is Azure Policy? ◎ Assess and enforce enterprise-wide governing standards ◎ Free services ◎ Policy as a Code ◎ Real Time Remediation ◎ Apply Policy at Scale ◎ Provide visibility of resources ○ Compliant ○ Non-Compliant ◎ Compliance Reports Example: Prevent the creation of virtual machines with basic A0 to A4 SKUs.
SCOPE Policy Definitions, Initiatives, Assignments 11 Policy Definition 1 Policy Definition 2 Policy Definition 3 Policy Initiative Assignment
How it Works?
Policy Scopes 13
Types of Azure Policies Audit/Detective Just audits the resources Effects: ◎ Audit ◎ AuditIfNotExists. E.g. Audit all the VMs that do not use managed disks. Preventative Prevent resource creation/updation Effects: ◎ Deny E.g. Prevent user from provisioning any resources in the West US region Remediation Apply desired configuration at resource creation/updation Effects: ◎ DeployIfNotExists ◎ Append ◎ Modify E.g. Deploy Log Analytics agent for Windows VMs
COST MANAGEMENT * Allowed storage account SKUs [Preventative] * Allowed virtual machine size SKUs [Preventative] * Azure VPN gateways should not use ʻbasicʼ SKU [Preventative] OPERATIONAL * Resource or resource group name should contain XYZ prefix as part of naming conventions [Audit] * Allowed region for deployments [Preventative] * Append a tag and its value from the resource group [Remediation] Governance needs and Azure Policies
* Secure transfer to storage accounts should be enabled [Audit] * Disk encryption should be enabled on Azure Data Explorer [Audit or Preventative] * Network interfaces should not have public Ips [Preventative] BUSINESS/COMPLIANCE * Azure Cosmos DB allowed locations [Preventative] * MFA should be enabled on accounts with owner permissions on your subscription [Audit] * SQL Database should avoid using GRS backup redundancy [Preventative] SECURITY Governance needs and Azure Policies
Azure Policy in Action!
Thanks! Any questions?
References ◎ Azure Policy Overview ◎ Azure Built-In Policies ◎ Azure Policy Samples ◎ Manage Policy as Code ◎ Create custom policy definitions ◎ Contribute to Azure Policy Samples ◎ Regulatory Compliance

More Related Content

PDF
AWS Well-Architected Framework (nov 2017)
Rick Hwang
 
PDF
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Priyanka Aash
 
PDF
Microsoft Azure Fundamentals AZ 900 ####
MohanArumugam24
 
PPT
az-104 Microsoft Azure Administrator Associate
JLoudesAnthooRoys
 
PDF
Essential Tools and Technologies for ICT Engineers: Insights by Abhilash Dili...
ict industry
 
PPTX
Azure Governance for Enterprise
Mohit Chhabra
 
PDF
011 Neo4j Ops Manager Intro and Roadmap - NODES2022 AMERICAS Advanced 3 - Chr...
Neo4j
 
PDF
Container Security Using Microsoft Defender
Rahul Khengare
 
AWS Well-Architected Framework (nov 2017)
Rick Hwang
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Priyanka Aash
 
Microsoft Azure Fundamentals AZ 900 ####
MohanArumugam24
 
az-104 Microsoft Azure Administrator Associate
JLoudesAnthooRoys
 
Essential Tools and Technologies for ICT Engineers: Insights by Abhilash Dili...
ict industry
 
Azure Governance for Enterprise
Mohit Chhabra
 
011 Neo4j Ops Manager Intro and Roadmap - NODES2022 AMERICAS Advanced 3 - Chr...
Neo4j
 
Container Security Using Microsoft Defender
Rahul Khengare
 

Similar to AzurePolicy DevOps Pune Feb23 (20)

PDF
Unit-II-part 3.pdf
ayushsrivastava750286
 
PPTX
Discover Neo4j Aura Workshop (9.27.23).pptx
Neo4j
 
PPTX
Monitor everything
Brian Christner
 
PDF
7.habits.every.azure.admin.must.have.v082020
Wim Matthyssen
 
PPTX
Data Privacy By Design with AWS
Krzysztof Kąkol
 
PDF
Enterprise Cloud Security
MongoDB
 
PDF
GCP Security Refresher and GKE Enterprise In Action
Stacy Véronneau
 
PPTX
Hacking DevOps
Phillip Marlow
 
PDF
Platform Engineering
Opsta
 
PDF
Designing for operability and managability
Gaurav Bahrani
 
PDF
Hacking into your containers, and how to stop it!
Eric Smalling
 
PDF
[Azure Governance] Lesson 4 : Azure Policy
☁ Hicham KADIRI ☁
 
ODP
Pyramid patterns
Carlos de la Guardia
 
PPTX
Designing for Privacy in AWS cloud
Krzysztof Kąkol
 
PDF
Three Stage of AWS Cost Optimisation with ActOnCloud Trusted Fixer
Madan Ganesh Velayudham
 
PPTX
vVols and Your Cloud Operating Model with Tristan Todd
Chris Williams
 
PPTX
Lecture 11 managing the network
Wiliam Ferraciolli
 
PDF
Deploy 22 microservices from scratch in 30 mins with GitOps
Opsta
 
PPTX
Azure presentation nnug dec 2010
Ethos Technologies
 
PPTX
Cloud Interoperability and Portability at Future Pre-FIA 2013 Multi-Clouds Wo...
Oliver Barreto Rodríguez
 
Unit-II-part 3.pdf
ayushsrivastava750286
 
Discover Neo4j Aura Workshop (9.27.23).pptx
Neo4j
 
Monitor everything
Brian Christner
 
7.habits.every.azure.admin.must.have.v082020
Wim Matthyssen
 
Data Privacy By Design with AWS
Krzysztof Kąkol
 
Enterprise Cloud Security
MongoDB
 
GCP Security Refresher and GKE Enterprise In Action
Stacy Véronneau
 
Hacking DevOps
Phillip Marlow
 
Platform Engineering
Opsta
 
Designing for operability and managability
Gaurav Bahrani
 
Hacking into your containers, and how to stop it!
Eric Smalling
 
[Azure Governance] Lesson 4 : Azure Policy
☁ Hicham KADIRI ☁
 
Pyramid patterns
Carlos de la Guardia
 
Designing for Privacy in AWS cloud
Krzysztof Kąkol
 
Three Stage of AWS Cost Optimisation with ActOnCloud Trusted Fixer
Madan Ganesh Velayudham
 
vVols and Your Cloud Operating Model with Tristan Todd
Chris Williams
 
Lecture 11 managing the network
Wiliam Ferraciolli
 
Deploy 22 microservices from scratch in 30 mins with GitOps
Opsta
 
Azure presentation nnug dec 2010
Ethos Technologies
 
Cloud Interoperability and Portability at Future Pre-FIA 2013 Multi-Clouds Wo...
Oliver Barreto Rodríguez
 
Ad

Recently uploaded (20)

PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Teaching material agriculture food technology
LiaRayya
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Ad

AzurePolicy DevOps Pune Feb23

  • 1. Azure Policy Rahul Khengare 11th Feb 2023 DevOps-Pune Meetup Group
  • 2. About Me Sr. Staff Engineer, Zscaler ◎ Cloud Security/DevOps/DevSecOps/SRE ◎ Blogger (oss-world, thesecuremonk) ◎ Co-Organizer ○ DevOps-Pune, DevSecOps-Pune ◎ Open Source Software and CIS Contributor ◎ Past Organization: Cloudneeti, Motifworks, NTT Data ◎ https://www.linkedin.com/in/rahulkhengare
  • 3. Agenda ◎ Cloud benefits and Concerns ◎ Need for Cloud governance and Security ◎ What is Azure Policy Framework ◎ Types of Azure Policies ◎ How Azure Policy works ◎ Cloud Governance needs ◎ Demo
  • 4. What Governance and Security practices you follow?
  • 5. Some Known Practices ◎ RBAC ◎ Tags ◎ Network/Firewall/Encryptions/Private Endpoints ◎ Different Security tools with ○ Detective policies ○ Preventative Controls ◎ Cost Management ◎ Security audits ◎ Many More …
  • 6. Cloud Benefits and Concerns Benefits Speed Agility Ease E.g. 1000+ Virtual machine can be created in 5-10 min using automation Concerns Who is created resources? Who is using resources? Who has the access? Are resources secure? Are we protecting sensitive data? Cost Surprises
  • 7. “ Through 2025, 99% of cloud security failures will be the customerʼs fault - Gartner
  • 8. What drives your need for policy enforcement? ◎ Maintain security and performance consistency ◎ Regulatory Compliance ◎ Enforce enterprise-wide design principles ◎ Controlling cost
  • 9. Azure Policy What it is? How it works? Different Types
  • 10. What is Azure Policy? ◎ Assess and enforce enterprise-wide governing standards ◎ Free services ◎ Policy as a Code ◎ Real Time Remediation ◎ Apply Policy at Scale ◎ Provide visibility of resources ○ Compliant ○ Non-Compliant ◎ Compliance Reports Example: Prevent the creation of virtual machines with basic A0 to A4 SKUs.
  • 11. SCOPE Policy Definitions, Initiatives, Assignments 11 Policy Definition 1 Policy Definition 2 Policy Definition 3 Policy Initiative Assignment
  • 14. Types of Azure Policies Audit/Detective Just audits the resources Effects: ◎ Audit ◎ AuditIfNotExists. E.g. Audit all the VMs that do not use managed disks. Preventative Prevent resource creation/updation Effects: ◎ Deny E.g. Prevent user from provisioning any resources in the West US region Remediation Apply desired configuration at resource creation/updation Effects: ◎ DeployIfNotExists ◎ Append ◎ Modify E.g. Deploy Log Analytics agent for Windows VMs
  • 15. COST MANAGEMENT * Allowed storage account SKUs [Preventative] * Allowed virtual machine size SKUs [Preventative] * Azure VPN gateways should not use ʻbasicʼ SKU [Preventative] OPERATIONAL * Resource or resource group name should contain XYZ prefix as part of naming conventions [Audit] * Allowed region for deployments [Preventative] * Append a tag and its value from the resource group [Remediation] Governance needs and Azure Policies
  • 16. * Secure transfer to storage accounts should be enabled [Audit] * Disk encryption should be enabled on Azure Data Explorer [Audit or Preventative] * Network interfaces should not have public Ips [Preventative] BUSINESS/COMPLIANCE * Azure Cosmos DB allowed locations [Preventative] * MFA should be enabled on accounts with owner permissions on your subscription [Audit] * SQL Database should avoid using GRS backup redundancy [Preventative] SECURITY Governance needs and Azure Policies
  • 17. Azure Policy in Action!
  • 19. References ◎ Azure Policy Overview ◎ Azure Built-In Policies ◎ Azure Policy Samples ◎ Manage Policy as Code ◎ Create custom policy definitions ◎ Contribute to Azure Policy Samples ◎ Regulatory Compliance