Azure important points:
- Use locks on critical resources.
- Use resource groups to segregate your resources into virtual groups so that they can be managed as a single entity.
- Create policies to set compliance and rules on your Azure resources.
- Use Initiatives if you have multiple policies.
- Even if you have a single policy today, using an initiative is recommended. This will help in the future if you create more policies.
- Under Network Watcher in the Azure portal, check the Topology tab to view how traffic is routed.
- There is no exemption in Azure policies. You cannot create one VM with an exemption when working with Azure policies. It is either allowed or denied.
- Use Availability Sets when possible. They are not charged.
- Tags are not inherited.
- Policies are inherited by all child resources. You can exclude a specific resource group from the policy hierarchy even when the policy is applied at a higher scope such as the whole subscription.
- Azure Policy can allow a resource to be created even if it doesn’t pass validation. In these cases, you can have it trigger an audit event that can be viewed in the Azure Policy portal, or through command-line tools.
- All subscriptions within a management group automatically inherit the conditions applied to the management group.
- Policy assignments are inherited by all child resources. This inheritance means that if a policy is applied to a resource group, it is applied to all the resources within that resource group.
- One initiative can be assigned to multiple subscriptions.
- Resource locks can be applied to subscriptions, resource groups, and to individual resources, and are inherited when applied at higher levels.
- When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance takes precedence.
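
The inheritance rules above, worked through as an added example (not part of the original notes): given a resource ID, it resolves the most restrictive inherited lock and the policy assignments that still apply after excluded scopes are taken into account. The subscription ID, resource names and assignment names are constructed placeholders, and the lock levels `CanNotDelete` and `ReadOnly` are the two Azure lock types. Management group scopes are not modeled, because a subscription's resource ID does not contain its management group.

```python
# Added example: models lock and policy inheritance over Azure resource IDs.
# All IDs and names below are constructed sample data.
RANK = {"CanNotDelete": 1, "ReadOnly": 2}  # ReadOnly is the more restrictive level

def in_scope(resource_id, scope):
    """True when resource_id is the scope itself or a descendant of it."""
    r, s = resource_id.lower().rstrip("/"), scope.lower().rstrip("/")
    # Require a "/" boundary so that .../prod does not also match .../prod2.
    return r == s or r.startswith(s + "/")

def effective_lock(resource_id, locks):
    """Most restrictive lock level inherited by resource_id, or None."""
    levels = [lvl for scope, lvl in locks if in_scope(resource_id, scope)]
    return max(levels, key=RANK.__getitem__, default=None)

def applicable_policies(resource_id, assignments):
    """Names of assignments whose scope covers resource_id and whose
    excluded scopes (notScopes) do not."""
    return [a["name"] for a in assignments
            if in_scope(resource_id, a["scope"])
            and not any(in_scope(resource_id, n) for n in a.get("notScopes", []))]

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
LOCKS = [(SUB, "CanNotDelete"), (SUB + "/resourceGroups/prod", "ReadOnly")]
ASSIGNMENTS = [
    {"name": "allowed-locations", "scope": SUB,
     "notScopes": [SUB + "/resourceGroups/sandbox"]},
    {"name": "audit-vm-sku", "scope": SUB + "/resourceGroups/prod"},
]
VM_PROD = SUB + "/resourceGroups/prod/providers/Microsoft.Compute/virtualMachines/vm1"
VM_SANDBOX = SUB + "/resourceGroups/sandbox/providers/Microsoft.Compute/virtualMachines/vm2"

if __name__ == "__main__":
    for rid in (VM_PROD, VM_SANDBOX):
        name = rid.split("/")[-1]
        print(name, effective_lock(rid, LOCKS), applicable_policies(rid, ASSIGNMENTS))
```

A resource added later under `prod` resolves to the same lock with no extra configuration, since the lookup depends only on its ID prefix.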