Study/AZ-104-MicrosoftAzureAdministrator
1
0
Fork 0
mirror of https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator.git synced 2026-02-04 23:59:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
staleycyn 2023-06-07 06:39:48 -07:00 committed by GitHub
parent 0ca62efe26
commit faecb67985
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 138 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
Instructions/Demos/02 - Administer Governance and Compliance.md Normal file
View File

@ -0,0 +1,138 @@
---
demo:
title: 'Demonstration: Administer Governance and Compliance'
module: 'Administer Governance and Compliance'
---
# 02 - Administer Governance and Compliance
## Configure Subscriptions
This area does not have a formal demonstration. Consider this Quickstart.
[Create an additional Azure subscription](https://docs.microsoft.com/azure/cost-management-billing/manage/create-subscription)
## Configure Azure Policy
In this demonstration, we will work with Azure policies.
[Tutorial: Build policies to enforce compliance - Azure Policy](https://docs.microsoft.com/azure/governance/policy/tutorials/create-and-manage)
**Assign a policy**
1. Access the Azure portal.
2. Search for and select **Policy**.
3. Select **Assignments** on the left side of the Azure Policy page.
4. Select **Assign Policy** from the top of the Policy - Assignments page.
5. Notice the **Scope** which determines what resources or grouping of resources the policy assignment is enforced on.
6. Select the **Policy definition ellipsis** to open the list of available definitions. Take some time to review the built-in policy definitions.
7. Search for and select **Allowed locations**. This policy enables you to restrict the locations your organization can specify when deploying resources.
8. Move the **Parameters** tab and using the drop-down select one or more allowed locations.
9. Click **Review + create** and then **Create** to create the policy.
**Create and assign an initiative definition**
1. Return to the Azure Policy page and select **Definitions** under Authoring.
2. Select **Initiative Definition** at the top of the page.
3. Provide a **Name** and **Description**.
4. **Create new** Category.
5. From the right panel **Add** the **Allowed locations** policy.
6. Add one additional policy of your choosing.
7. **Save** your changes and then **Assign** your initiative definition to your subscription.
**Check for compliance**
1. Return to the Azure Policy service page.
2. Select **Compliance**.
3. Review the status of your policy and your definition.
**Check for remediation tasks**
1. Return to the Azure Policy service page.
2. Select **Remediation**.
3. Review any remediation tasks that are listed.
**Remove your policy and initiative (optional)**
1. Return to the Azure Policy service page.
2. Select **Assignments**.
3. Select your **Allowed locations** policy.
4. Click **Delete assignment**.
5. Return to the Azure Policy service page.
6. Select **Initiatives**.
7. Select your new initiative.
8. Click **Delete initiative**.
## Configure Role-Based Access Control
In this demonstration, we will learn about role assignments.
[Tutorial: Grant a user access to Azure resources using the Azure portal - Azure RBAC](https://docs.microsoft.com/azure/role-based-access-control/quickstart-assign-role-user-portal)
[Quickstart - Check access for a user to Azure resources - Azure RBAC](https://docs.microsoft.com/azure/role-based-access-control/check-access)
**Locate Access Control blade**
1. Access the Azure portal and select a resource group. Make a note of what resource group you use.
2. Select the **Access Control (IAM)** blade.
3. This blade will be available for many different resources so you can control permissions.
**Review role permissions**
1. Select the **Roles** tab (top).
2. Review the large number of built-in roles that are available.
3. Double-click a role, and then select **Permissions** (top).
4. Continue drilling into the role until you can view the **Read, Write, and Delete** actions for that role.
5. Return to the **Access Control (IAM)** blade.
**Add a role assignment**
1. Create a user.
2. Select **Add role assignment**.
- **Role**: *Owner*
- **Select**: *Managers*
- **Save** your changes.
3. Select **Check access**.
4. Select the user.
5. Notice the user is part of the **Managers** group and is an **Owner**.
6. Notice that you can **Deny assignments**.