10 Importance of governance: Azure Policy and Azure Blueprints
This chapter covers
- What is Azure Policy, actually?
- Getting started with Azure Policy
- Custom policies
- Centralized security policy management
- Azure Blueprints
Governance in Azure can be seen as a combination of different Azure services you can use to manage your resources and ensure they meet your organization’s guidelines. You might be asking yourself what governance has to do with Azure security. I’d like to offer a perspective. In chapter 6, you learned about cloud security posture management and how you can use Microsoft Defender for Cloud to continuously assess the configurations of resources in your environment and detect any misconfigurations. New resources can be deployed daily, and so can new subscriptions.
If new resources deployed to your Azure environment do not adhere to security best practices, potential misconfigurations or vulnerabilities can have a negative impact on your organization’s overall security posture. This chapter teaches you how to use Azure Policy to prevent this by ensuring that resources deployed to your environment adhere to security best practices. That way, Defender for Cloud doesn’t flag these resources as having misconfigurations or vulnerabilities, and a baseline of security is met in your environment.