Module 2: Azure Locks
Azure Free Training
Azure Governance Model
By Hicham KADIRI
January 20, 2018
A K&K Group Company
Contoso Ltd.
About me
Microsoft MVP
• Windows Expert-IT Pro (2014-2015)
• Cloud and Datacenter Management (2016)
• Enterprise Mobility /RDS (2017)
• CDCM /Azure (2018)
Founder
@BecomeITExpert.com
Co-Founder
@K&K Group
Think {Cloud /DevOps /Security}
IT Author (+10 eBooks)
• RDS 2012 R2 and 2016 Pocket Consultant
• RDS & OS Security & Hardening guide
• Azure CLI 2.0 Pocket Consultant
• GPO, PowerShell, AppLocker …
Lead Cloud Architect /Az Expert
• Working for several large companies and international groups including Thales, Areva, Rabobank, Gemalto, Vinci, CE, BP, etc.
IT Blogger
• hichamkadiri.wordpress.com
• AskTheCloudExpert.wordpress.com
• ~2 million views ☺
/hicham_kadiri
/in/hichamkadiri
TechNet Contributor (Top 0,5%)
• MTFC (Microsoft Technical French Contributor)
• MCC (Microsoft Community Contributor)
Hicham KADIRI (aka #HK)
Document Objectives
• Reminder about Azure Governance
• Explains the importance of Locks in the Microsoft Azure environment
• Key items you should know
• Azure Locks vs Azure RBAC
• Required rights for Azure Locks
• Azure GUI & CLI tools you can use to create and apply Azure Locks
• DEMO: how to lock your Azure Subscriptions, RG and Resources
Reminder about
Azure Governance
#HK
Azure Locks
Why are they important?
Microsoft Azure Locks
What are they and why are they important?
• Azure Locks are an amazing way to protect your subscriptions, resource groups and Azure resources.
• They ensure that what we have implemented is not changed, or worse, accidentally deleted.
Important Note
Azure Locks do not replace Azure RBAC. See the Azure Locks vs Azure RBAC slides.
Azure Locks
Key items you should know
Microsoft Azure Locks
What You Should Know: Lockable Objects
• You can lock:
• Subscription
• Resource Group
• Resource
Microsoft Azure Locks
What You Should Know: Lock Types
• There are two Lock Types:
• CanNotDelete
▪ You can read and modify the resource
▪ You can’t delete the resource
• Read-Only
▪ You can read the resource properties/information
▪ You can’t delete or modify the resource
▪ Important note: a Read-Only lock could have undesired results!
Microsoft Azure Locks
What You Should Know: Inheritance
• When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
• A Resource Group inherits Locks from its Subscription
• A Resource (e.g. an Azure VM) inherits Locks from its Subscription and Resource Group
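The inheritance rule above, worked through as an added PowerShell example (not part of the original slides). It runs offline on constructed lock records; the subscription ID, the lock names, hk-web-rg, hk-vm01, hkstorage01 and the helper Get-EffectiveLock are assumptions made for illustration, and ReadOnly is the lock level value behind the Read-Only type.

```powershell
# Added example: resolve the effective lock on a resource from locks set at
# subscription, resource group and resource scope. All data is constructed.

# Higher rank = more restrictive. ReadOnly also blocks deletion,
# so it outranks CanNotDelete.
$LockRank = @{ CanNotDelete = 1; ReadOnly = 2 }

function Get-EffectiveLock {              # hypothetical helper
    param(
        [string]   $ResourceId,           # full resource ID to evaluate
        [object[]] $Locks = @()           # records with Name, Level, Scope
    )
    $target = $ResourceId.TrimEnd('/')

    # A lock applies when its scope is the target itself or one of its parents.
    # Appending '/' before the prefix test keeps 'hk-web-rg' from matching
    # a sibling such as 'hk-web-rg2'.
    $applicable = @($Locks | Where-Object {
        $scope = $_.Scope.TrimEnd('/')
        $target.Equals($scope, [StringComparison]::OrdinalIgnoreCase) -or
        $target.StartsWith("$scope/", [StringComparison]::OrdinalIgnoreCase)
    })

    if ($applicable.Count -eq 0) {
        return [pscustomobject]@{
            Resource     = ($target -split '/')[-1]
            Effective    = 'None'
            CanModify    = $true
            CanDelete    = $true
            AppliedLocks = ''
        }
    }

    # The most restrictive lock in the inheritance chain takes precedence.
    $winner = $applicable |
        Sort-Object -Property { $LockRank[$_.Level] } -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Resource     = ($target -split '/')[-1]
        Effective    = $winner.Level
        CanModify    = $winner.Level -ne 'ReadOnly'
        CanDelete    = $false             # both lock types block deletion
        AppliedLocks = ($applicable.Name -join ', ')
    }
}

# Constructed sample: one resource group lock and two resource locks.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'   # placeholder ID
$vm  = "$sub/resourceGroups/hk-confident-rg/providers/Microsoft.Compute/virtualMachines/hk-vm01"
$web = "$sub/resourceGroups/hk-web-rg/providers/Microsoft.Web/sites/hk-prod-website"

$locks = @(
    [pscustomobject]@{ Name = 'rg-readonly';   Level = 'ReadOnly';     Scope = "$sub/resourceGroups/hk-confident-rg" }
    [pscustomobject]@{ Name = 'vm-nodelete';   Level = 'CanNotDelete'; Scope = $vm }
    [pscustomobject]@{ Name = 'site-nodelete'; Level = 'CanNotDelete'; Scope = $web }
)

$resources = @(
    $vm      # own CanNotDelete lock plus the inherited ReadOnly lock
    # A resource added later, with no lock of its own, still inherits from the RG.
    "$sub/resourceGroups/hk-confident-rg/providers/Microsoft.Storage/storageAccounts/hkstorage01"
    $web     # only its own CanNotDelete lock
    "$sub/resourceGroups/hk-web-rg"   # a lock on a child does not flow up to the parent
)

$resources |
    ForEach-Object { Get-EffectiveLock -ResourceId $_ -Locks $locks } |
    Format-Table -AutoSize
```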
Microsoft Azure Locks
Hierarchy (example)
Azure Locks
Required “Rights”
Microsoft Azure Locks
Required “Rights”
• To create or delete management locks, you must have access to one of the following actions:
• Microsoft.Authorization/*
• Or Microsoft.Authorization/Locks/*
Note
Of the built-in roles, only Owner and User Access Administrator are granted those actions.
Difference between
Azure Locks & Azure RBAC
• Azure Role-Based Access Control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Azure RBAC helps you manage access for users, groups and service principals.
• Unlike Role-Based Access Control, you use Azure Locks to apply a restriction across all users and roles.
• Useful Link
• Visit the following link to read more about Azure RBAC: https://docs.microsoft.com/bs-latn-ba/azure/role-based-access-control/
Azure GUI & CLI Tools you can use
To create and apply Azure Locks
• Azure Locks can be created and applied using different GUI & CLI tools:
• GUI:
▪ Azure Portal
• CLI:
▪ Windows PowerShell (using AzureRM Module)
▪ Azure CLI 2.0
HowTo Lock
Your Azure Subscriptions, RG and Resources
Create & Apply your Azure Locks
using Azure Portal
HowTo #1
Lock your Az Subscriptions, RG and Resources via Azure Portal
• Connect to Azure Portal
• https://portal.azure.com
• Go to the Subscriptions blade and select the Subscription you want to lock
• Then click on “Resource Locks”
• Click “Add” and add your Azure Lock
• You have to enter the following information:
▪ Lock Name
▪ Lock Type:
▪ Delete
▪ Read-only
▪ Notes (Lock Description)
Important Note
Lock your Az Subscriptions, RG and Resources via Azure Portal
• If you want to create and apply Locks to a Resource Group or a specific Azure Resource, select the RG or Azure Resource to lock, then click on “Locks”. Finally, click “Add” and enter the following information:
• Lock Name
• Lock Type
▪ Delete
▪ Read-Only
• Lock Notes (description)
Create & Apply your Azure Locks
using AzureRM Module
Important Note
Lock your Az Subscriptions, RG and Resources via AzureRM Module
• The New-AzureRmResourceLock cmdlet is used to create a new Azure Lock.
• In the following example, a new Lock will be created and applied to the hk-confident-rg resource group
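One way to apply and then verify a lock on the hk-confident-rg resource group with the AzureRM module, as an added example that is not the slide's own code. The helper name Set-ResourceGroupLock, the lock name and the lock notes are assumptions; the script expects the AzureRM module to be loaded and Login-AzureRmAccount to have been run.

```powershell
# Added example. Assumes the AzureRM module is loaded and that
# Login-AzureRmAccount has selected the subscription holding the resource group.
function Set-ResourceGroupLock {          # hypothetical helper name
    param(
        [string] $ResourceGroupName,
        [string] $LockName,
        [ValidateSet('CanNotDelete', 'ReadOnly')]
        [string] $LockLevel = 'CanNotDelete',
        [string] $LockNotes = 'Applied by script'
    )

    # -AtScope returns locks at or above the resource group, so locks on
    # individual resources inside it are not mistaken for a group lock.
    # The ResourceId filter then keeps only a lock set on the group itself.
    $idPattern = "*/resourceGroups/$ResourceGroupName/providers/Microsoft.Authorization/locks/$LockName"
    $existing = Get-AzureRmResourceLock -ResourceGroupName $ResourceGroupName -AtScope |
        Where-Object { $_.ResourceId -like $idPattern }

    if ($existing -and $existing.Properties.level -ne $LockLevel) {
        # Do not silently change the level of a lock someone else created.
        Write-Warning ("Lock '{0}' already exists with level {1}; requested {2}. Left unchanged." -f
            $LockName, $existing.Properties.level, $LockLevel)
    }
    elseif (-not $existing) {
        # -Force suppresses the confirmation prompt so the script can run unattended.
        New-AzureRmResourceLock -LockName $LockName -LockLevel $LockLevel `
            -LockNotes $LockNotes -ResourceGroupName $ResourceGroupName -Force | Out-Null
    }

    # Report every lock that now applies to the group, inherited ones included.
    Get-AzureRmResourceLock -ResourceGroupName $ResourceGroupName -AtScope |
        Select-Object Name, @{ Name = 'Level'; Expression = { $_.Properties.level } }, ResourceId
}

# Lock name and notes are made up for this example.
Set-ResourceGroupLock -ResourceGroupName 'hk-confident-rg' `
    -LockName 'hk-confident-rg-lock' `
    -LockNotes 'Prevents accidental deletion of hk-confident-rg'
```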
Important Note
Lock your Az Subscriptions, RG and Resources via AzureRM Module
• If you want to create and apply Locks to a specific Azure Resource, you have to add the -ResourceType parameter
• In the following example, a new Azure Lock will be created and applied to the “hk-prod-website” resource. This is an Azure WebSite, so the “Microsoft.web/sites” resource type is specified:
New-AzureRmResourceLock -LockName "hk-prod-website-lock" `
    -LockLevel CanNotDelete `
    -LockNotes "This Lock prevents accidental deletion of HK-Web-Prod-WebSite resource" `
    -ResourceName "hk-prod-website" -ResourceType "microsoft.web/sites"
Create & Apply your Azure Locks
using Azure CLI 2.0
HowTo #3
Lock your Az Subscriptions, RG and Resources via Azure CLI
• The az lock create command is used to create a new Azure Lock.
• In the following example, a new Lock will be created and applied to the hk-confident-rg resource group
End of Lesson
Hope this Helps ☺

[Azure Governance] Lesson 2 : Azure Locks

  • 1. Module 2 Azure Locks Azure Free Training Azure Governance Model By Hicham KADIRI January 20, 2018 A K&K Group Company
  • 2. Contoso Ltd. About me Microsoft MVP • Windows Expert-IT Pro (2014-2015) • Cloud and Datacenter Management (2016) • Enterprise Mobility /RDS (2017) • CDCM /Azure (2018) Founder @BecomeITExpert.com Co-Founder @K&K Group Think {Cloud /DevOps /Security} IT Author (+10 eBooks) • RDS 2012 R2 and 2016 Pocket Consultant • RDS & OS Security & Hardening guide • Azure CLI 2.0 Pocket Consultant • GPO, PowerShell, AppLocker … Lead Cloud Architect /Az Expert • Working for several large companies and international group including Thales, Areva, Rabobank, Gemalto, Vinci, CE, BP…etc IT Blogger • hichamkadiri.wordpress.com • AskTheCloudExpert.wordpress.com • ~2millions views ☺ /hicham_kadiri /in/hichamkadiri TechNet Contributor (Top 0,5%) • MTFC (Microsoft Technical French Contributor) • MCC (Microsoft Community Contributor) Hicham KADIRI (aka #HK)
  • 3. Document Objectives • Reminder about Azure Governance • Explains the importance of Locks in the Microsoft Azure environment • Keys items You Should Know • Azure Locks vs Azure RBAC • Required rights for Azure Locks • Azure GUI & CLI Tools you can use to create and Apply Azure Locks • DEMO : HowTo Lock your Azure Subscriptions, RG and Resources
  • 6. Contoso Ltd. Azure Locks Why it’s important ? #HK
  • 7. Contoso Ltd. Microsoft Azure Locks What is it and Why it’s important ? • Azure Locks are an amazing way to protect your subscriptions, resource groups and Azure resources. • They ensure that what we have implemented is not changed, or worse, accidentally deleted. Important Note Azure Lock does not replace Azure RBAC. Cf next Slide ! #HK
  • 8. Contoso Ltd. Azure Locks Keys items You Should Know #HK
  • 9. Contoso Ltd. Microsoft Azure Locks What You Should Know : Lockable Objects • You can Lock : • Subscription • Resource Group • Resource #HK
  • 10. Contoso Ltd. Microsoft Azure Locks What You Should Know : Lock Types • There are two Lock Types : • CanNotDelete ▪ You can “Read & Modify” the Resource ▪ You can’t Delete the Resource • Read-Only ▪ You can Read Resource Properties/Infos ▪ You can’t Delete or Modify Resource ▪ Important Note: ▪ Could have undesired results ! #HK
  • 11. Microsoft Azure Locks: what you should know: inheritance
      • When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
      • A Resource Group inherits locks from Subscriptions.
      • A Resource (e.g. an Azure VM) inherits locks from Subscriptions and Resource Groups.
  • 12. Microsoft Azure Locks: hierarchy (example)
  • 14. Microsoft Azure Locks: required "rights"
      To create or delete management locks, you must have access to one of the following actions:
      • Microsoft.Authorization/*
      • Microsoft.Authorization/Locks/*
      Note: of the built-in roles, only Owner and User Access Administrator are granted those actions.
  • 15. Difference between Azure Locks & Azure RBAC
  • 16. Difference between Azure Locks and Azure RBAC
      • Azure Role-Based Access Control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Azure RBAC helps you manage access for users, groups and service principals.
      • Unlike Role-Based Access Control, Azure Locks apply a restriction across all users and roles.
      • Useful link: read more about Azure RBAC at https://docs.microsoft.com/bs-latn-ba/azure/role-based-access-control/
  • 17. Azure GUI & CLI tools you can use to create and apply Locks
  • 18. Azure GUI & CLI tools you can use to create and apply Azure Locks
      Azure Locks can be created and applied using different GUI & CLI tools:
      • GUI
          ▪ Azure Portal
      • CLI
          ▪ Windows PowerShell (using the AzureRM module)
          ▪ Azure CLI 2.0
  • 19. HowTo: lock your Azure Subscriptions, RG and Resources
  • 20. Create & apply your Azure Locks using the Azure Portal
  • 21. HowTo #1: lock your Az Subscriptions, RG and Resources via Azure Portal
      • Connect to the Azure Portal: https://portal.azure.com
      • Go to the Subscriptions blade and select the Subscription you want to lock
      • Then click on "Resource Locks"
      • Click "Add" and add your Azure Lock
      • You have to enter the following information:
          ▪ Lock Name
          ▪ Lock Type: Delete or Read-only
          ▪ Notes (Lock Description)
  • 22. Important Note: lock your Az Subscriptions, RG and Resources via Azure Portal
      • If you want to create and apply Locks to a Resource Group or a specific Azure Resource, select the RG or Azure Resource to lock and then click on "Locks". Finally, click "Add" and enter the following information:
          ▪ Lock Name
          ▪ Lock Type: Delete or Read-Only
          ▪ Lock Notes (description)
  • 23. Create & apply your Azure Locks using the AzureRM Module
  • 24. Important Note: lock your Az Subscriptions, RG and Resources via AzureRM Module
      • The New-AzureRmResourceLock cmdlet is used to create a new Azure Lock.
      • In the following example, a new Lock will be created and applied to the hk-confident-rg resource group
  • 25. Important Note: lock your Az Subscriptions, RG and Resources via AzureRM Module
      • If you want to create and apply Locks to a specific Azure Resource, you have to add the -ResourceType parameter.
      • In the following example, a new Azure Lock is created and applied to the "hk-prod-website" resource. This is an Azure WebSite, so the "microsoft.web/sites" resource type is specified. For a resource that lives in a resource group, also pass -ResourceGroupName; <resource-group-name> below is a placeholder for the group that contains the web app:
        New-AzureRmResourceLock -LockName "hk-prod-website-lock" -LockLevel CanNotDelete -LockNotes "This Lock prevents accidental deletion of HK-Web-Prod-WebSite resource" -ResourceName "hk-prod-website" -ResourceType "microsoft.web/sites" -ResourceGroupName "<resource-group-name>"
  • 26. Create & apply your Azure Locks using Azure CLI 2.0
  • 27. HowTo #3: lock your Az Subscriptions, RG and Resources via Azure CLI
      • The az lock create command is used to create a new Azure Lock.
      • In the following example, a new Lock will be created and applied to the hk-confident-rg resource group
  • 30. End of Lesson. Hope this helps ☺
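The resource-group lock that slides 24 and 27 describe for hk-confident-rg, written for Azure CLI 2.0 as an added example that is not part of the original deck. The lock name hk-confident-rg-lock, the notes text and the function name are assumptions; the function checks for an existing lock of that name before creating one, so it can be re-run safely.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Requires Azure CLI 2.0 and a prior `az login`.
# Assumption: the lock name "hk-confident-rg-lock" is made up for this example.

# lock_resource_group <resource-group> <lock-name> <CanNotDelete|ReadOnly> <notes>
# Creates the lock only if no lock with that name is already listed for the
# group, then prints "created:<level>" or "exists:<level>".
lock_resource_group() {
  lrg_rg=$1 lrg_name=$2 lrg_level=$3 lrg_notes=$4

  # Reject anything that is not one of the two lock types from slide 10.
  case "$lrg_level" in
    CanNotDelete|ReadOnly) ;;
    *) echo "invalid lock type: $lrg_level" >&2; return 2 ;;
  esac

  # Ask Azure for the level of a lock with this name (empty output if none).
  lrg_found=$(az lock list --resource-group "$lrg_rg" \
      --query "[?name=='$lrg_name'].level" --output tsv) || return 1
  if [ -n "$lrg_found" ]; then
    echo "exists:$lrg_found"
    return 0
  fi

  az lock create --name "$lrg_name" --lock-type "$lrg_level" \
      --resource-group "$lrg_rg" --notes "$lrg_notes" --output none || return 1
  echo "created:$lrg_level"
}

# Run as: sh lock-rg.sh --apply
if [ "${1:-}" = "--apply" ]; then
  lock_resource_group hk-confident-rg hk-confident-rg-lock CanNotDelete \
    "Prevents accidental deletion of the hk-confident-rg resource group"
fi
```

The account running it needs Microsoft.Authorization/* or Microsoft.Authorization/Locks/* on the resource group, as listed on slide 14.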
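The inheritance rule from slide 11 and the lock types from slide 10, as a small offline model (an added example, not from the original deck, and not how Azure implements locks). It assumes a lock applies to its own scope and to every resource ID beneath it; the subscription ID and the placement of hk-prod-website inside hk-confident-rg are constructed sample data.

```shell
#!/bin/sh
# Added example: simplified model of Azure lock inheritance.
# Constructed sample data, one "<scope> <level>" pair per line.
RG="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hk-confident-rg"
SITE="$RG/providers/Microsoft.Web/sites/hk-prod-website"
LOCKS="$RG CanNotDelete
$SITE ReadOnly"

# Restrictiveness of a lock level: ReadOnly > CanNotDelete > no lock.
rank() {
  case "$1" in ReadOnly) echo 2 ;; CanNotDelete) echo 1 ;; *) echo 0 ;; esac
}

# effective_lock <resource-id>
# Prints the most restrictive lock set on the resource or on any parent scope.
effective_lock() {
  el_target=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # IDs compared case-insensitively
  el_best=None
  while read -r el_scope el_level; do
    [ -n "$el_scope" ] || continue
    el_s=$(printf '%s' "$el_scope" | tr 'A-Z' 'a-z')
    case "$el_target" in
      # Same scope, or a child path; "$el_s"/* keeps "rg" from matching "rg2".
      "$el_s"|"$el_s"/*)
        [ "$(rank "$el_level")" -gt "$(rank "$el_best")" ] && el_best=$el_level ;;
    esac
  done <<EOF
$LOCKS
EOF
  echo "$el_best"
}

# is_allowed <read|modify|delete> <resource-id>: prints "yes" or "no".
is_allowed() {
  case "$1:$(effective_lock "$2")" in
    read:*) echo yes ;;
    modify:None|modify:CanNotDelete|delete:None) echo yes ;;
    *) echo no ;;
  esac
}

for op in modify delete; do
  echo "$op resource group: $(is_allowed "$op" "$RG")"
  echo "$op web site:       $(is_allowed "$op" "$SITE")"
done
```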