AZ-900 Flash Cards Part 11: Azure Resource Locks, Resource Tags, Policy, Blueprint

Azure Resource Locks, Resource Tags, Azure Policy & Azure Blueprints

Resource Locks Characteristics

Designed to prevent accidental deletion and/or modification

Used in conjunction with RBAC

Two types of locks:

Read-only (ReadOnly) - only read actions are allowed

Delete (CanNotDelete) - all actions except delete are allowed

Scopes are hierarchical (inherited)

• Subscriptions > Resource Groups > Resources

Management Groups can’t be locked

Only Owner and User Access Administrator roles can manage locks (built-in roles)

What are the two types of resource locks?

Read-only and Delete

Which roles can mange locks?

Owner and User Access Administrator

Management Groups can’t be locked. True or False

True

Are Scopes hierarchal (inherited)?

Yes

What is the correct Scope hierarchy?

Subscriptions > Resource Groups > Resources

Azure Resource Locks can be applied on which scopes?

Azure Subscriptions, Azure Resource Groups, Azure Resource

Resource locks work on Owners? True or False

True

Are Resource Tags inherited by default?

No

Can you see your resource tags in both the Resource Groups & Storage Accounts blades?

Yes

Resource Tags Characteristics

Tags are simple Name (key) - Value pairs

Designed to help with organization of Azure resources

Used for resource governance, security, operations management, cost management, automation, etc.

Typical tagging strategies

• Functional - mark by function

• Classification - mark by policies used

• Finance/Accounting - mark for billing purposes

• Partnership - mark by association of users/groups

Applicable for resources, resource groups and subscriptions

NOT inherited by default

Azure Policy is designed to do what?

To help with resource governance, security, compliance, cost management, etc.

What do Policies focus on?

Policies focus on resource properties (RBAC focus on user actions)

What is Policy definition?

Defines what should happen (conditions & effect)

What is Policy assignment?

Assignment of a policy definition/initiative to a scope

What is Policy initiative?

a group of policy definitions

Enabling Azure Policy on Entire Azure subscriptions is done by creating new..

Policy Assignment

A group of policy definitions is called a …

Policy Initiative

A single object that defines properties, conditions, and effects in Azure Policy service is called a…

Policy Definition

Azure Blueprints is a package of various Azure components (artifacts). True or False?

True

Which Azure components make of Azure Blueprints?

Resource Groups

ARM Templates

Policy Assignments

Role Assignments

What does a Blueprint definition do?

Describes what should happen (reusable package)

What is a centralized storage for organizationally approved design patterns?

Azure Blueprints