Access Compliance Data and Manage Compliance for Azure Resources

In our previous blog post, we discussed how we can write custom Azure Policies in accordance with Organization’s Strategic and Compliance Requirements. We also learned how to apply policies at different scope levels in Azure. While planning, writing and applying compliance requirements in the form of Azure Policies is important, it is equally important to audit existing resources for appropriate configurations and settings, evaluate the results and take certain actions. One needs to be evaluate how many resources are compliant with the defined requirements, what resources are non-compliant, what corrective actions can be taken to bring them in compliance and also remove any false positives.
Continue reading “Access Compliance Data and Manage Compliance for Azure Resources”

Create and Assign Custom Azure Policies for Azure Governance

In our previous blog post, we discussed on using Azure Policies for Azure Governance and staying compliant with the same. We also discussed how we can use built-in Azure Policies to meet the governance criteria and start easily. However, the relationship between business and IT varies a lot from Organization to Organization. So from time to time, you’ll need to create your own Azure Policies and applying them to a scope. Custom Azure policies allows you to be lot more compliant and a lot more flexible. In this blog post, we are going to discuss the same. Continue reading “Create and Assign Custom Azure Policies for Azure Governance”

Organize your Azure Resources across Subscriptions using Management Groups

If you are responsible for managing multiple Azure subscriptions, you would have notice that there are lot of issues maintaining consistency in resource deployment, organization and management across subscriptions. This is primarily because different subscriptions are designed to target different needs such as products or departments and therefore the Azure Resources being used by different set of people everywhere. To help with bringing consistency across subscriptions, one can use recently launched Azure Management Groups. Azure Management Groups helps to apply governance controls based on access controls, policies and compliance.
Continue reading “Organize your Azure Resources across Subscriptions using Management Groups”

Working with Audit logs in Azure DevOps

With the arrival of the Sprint 154 updates, auditing has been introduced in the Azure DevOps. This has been a long standing demand from various enterprises (including Ours !). We wanted to observe activities and monitor changes that have occurred in the Azure DevOps across the Organization. It is in the preview phase as of this writing of this blog post, but it is very useful in the preview phase as well. In this blog post, we are going to see what is recorded in the Azure DevOps as part of the auditing, how we can access it and what we can do with the same.
Continue reading “Working with Audit logs in Azure DevOps”

Store the app secrets in Azure Key Vault and use during Azure Pipelines

You can easily store your environment related secrets in the Azure Pipelines releases as variables and mark them as secrets which will encrypt and hide them. So anyone having access to the release definition would be not able to view them. Most of the times, it suffices as once set, they become encrypted and can not be viewed in text form.

However, sometimes it may happen that the person who keeps the secret would not be the same person as who is creating the release definition. Think of that as a way of segregating the responsibilities between the two. Also, it may be possible that the person who has provisioned the environment is not comfortable to share the secrets with anyone in plain text. After all, the best way to keep a secret is not to tell anyone about it. This is where the Azure Key Vault fits in very nicely. It can be used to store and transfer the secrets/certificates needed for your environment in a secure way.
Continue reading “Store the app secrets in Azure Key Vault and use during Azure Pipelines”