
Eng Soon Cheah

Implement subscription security

Create Azure resource locks

  • Management locks help you prevent accidental deletion or modification of your Azure resources
  • You can manage these locks from within the Azure portal
  • To view, add, or delete locks, go to the RESOURCE MANAGEMENT section of any resource's settings blade
  • When you apply a lock at a parent scope, all resources within that scope inherit the same lock
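
The inheritance rule in the last bullet, as an added example (not from the original post): a Python audit that takes lock records in the shape `az lock list` returns and reports which lock, if any, each resource inherits from its own or a parent scope. It goes beyond the post in using Azure's two lock levels (CanNotDelete and ReadOnly) and the rule that the most restrictive inherited lock wins. The subscription ID and resource names are constructed sample data, and the `id`/`level` field names are assumed to match the CLI output.

```python
# Added example: effective-lock audit over constructed sample data.
LOCK_SUFFIX = "/providers/microsoft.authorization/locks/"
RANK = {"CanNotDelete": 1, "ReadOnly": 2}  # ReadOnly is the more restrictive level

def lock_scope(lock_id):
    """Scope a lock is applied to: the lock's resource ID minus the lock suffix."""
    idx = lock_id.lower().rfind(LOCK_SUFFIX)
    if idx < 0:
        raise ValueError(f"not a management lock ID: {lock_id}")
    return lock_id[:idx].lower().rstrip("/")

def effective_lock(resource_id, locks):
    """Most restrictive lock on the resource or any parent scope, else None."""
    rid = resource_id.lower().rstrip("/")
    best = None
    for lock in locks:
        scope = lock_scope(lock["id"])
        # Match the scope itself or a parent scope; the "/" boundary keeps
        # resource group "rg-app" from matching "rg-app2".
        if rid == scope or rid.startswith(scope + "/"):
            if best is None or RANK[lock["level"]] > RANK[best["level"]]:
                best = lock
    return best

def unlocked(resource_ids, locks):
    """Resources that inherit no lock from any scope."""
    return [r for r in resource_ids if effective_lock(r, locks) is None]

# Constructed sample: one resource-group lock, one resource-level lock.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = f"{SUB}/resourceGroups/rg-app"
LOCKS = [
    {"id": f"{RG}/providers/Microsoft.Authorization/locks/no-delete",
     "level": "CanNotDelete"},
    {"id": f"{RG}/providers/Microsoft.Storage/storageAccounts/stlogs"
           "/providers/Microsoft.Authorization/locks/freeze",
     "level": "ReadOnly"},
]
RESOURCES = [
    f"{RG}/providers/Microsoft.Storage/storageAccounts/stlogs",
    f"{RG}/providers/Microsoft.Web/sites/web1",
    f"{SUB}/resourceGroups/rg-app2/providers/Microsoft.Web/sites/web2",
]

if __name__ == "__main__":
    for r in RESOURCES:
        lock = effective_lock(r, LOCKS)
        print(r.rsplit("/", 1)[-1], "->", lock["level"] if lock else "NO LOCK")
```
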

Configure resource-level access policies

  • Azure Policy is a service in Azure that you use to create, assign, and manage policies
  • Unlike RBAC, Azure Policy is a default-allow, explicit-deny system
  • Azure Policy has several permissions, known as operations, in two resource providers:
    • Microsoft.Authorization
    • Microsoft.PolicyInsights
  • Several built-in roles grant permission to Azure Policy resources
  • If none of the built-in roles have the required permissions, you can create a custom role

Configure subscription-level policies in Azure Policy

  • An Azure subscription is a logical unit of Azure services that is linked to an Azure account
  • Azure management groups provide a level of scope above subscriptions
  • Management groups enable:
    • Organizational alignment for your Azure subscriptions through custom hierarchies and grouping
    • Targeting of policies and spend budgets across subscriptions and inheritance down the hierarchies
    • Compliance and cost reporting by organization (business/teams)
  • All subscriptions within a management group automatically inherit the conditions applied to the management group

Top comments (1)


Thank you.
