DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on • Updated on


Implement subscription security

Create Azure resource locks

  • Management locks help you prevent accidental deletion or modification of your Azure resources
  • You can manage these locks from within the Azure portal
  • To view, add, or delete locks, go to the RESOURCE MANAGEMENT section of any resource's settings blade
  • When you apply a lock at a parent scope, all resources within that scope inherit the same lock

Configure resource-level access policies

  • Azure Policy is a service in Azure that you use to create, assign, and manage policies
  • Unlike RBAC, Azure Policy is a default allow and explicit deny system
  • Azure Policy has several permissions, known as operations, in two resource providers:
    • Microsoft.Authorization
    • Microsoft.PolicyInsights
  • Several built-in roles grant permission to Azure Policy resources
  • If none of the built-in roles have the required permissions, you can create a custom role

Configure subscription-level policies in Azure Policy

  • An Azure subscription is a logical unit of Azure services that is linked to an Azure account
  • Azure management groups provide a level of scope above subscriptions
  • Management groups enable:
    • Organizational alignment for your Azure subscriptions through custom hierarchies and grouping
    • Targeting of policies and spend budgets across subscriptions and inheritance down the hierarchies
    • Compliance and cost reporting by organization (business/teams)
  • All subscriptions within a management group automatically inherit the conditions applied to the management group

Oldest comments (1)

An Animated Guide to Node.js Event Loop

Node.js doesnโ€™t stop from running other operations because of Libuv, a C++ library responsible for the event loop and asynchronously handling tasks such as network requests, DNS resolution, file system operations, data encryption, etc.

What happens under the hood when Node.js works on tasks such as database queries? We will explore it by following this piece of code step by step.