Skip to main content

Troubleshooting, Governance, and Compliance

Updated Nov 16, 2020 ·
NOTES

This is not an exhaustive documentation of all the existing Azure Services. These are summarized notes for the Azure Certifications.

To see the complete documentation, please go to: Azure documentation

Overview

Azure provides various tools and services for troubleshooting, governance, and ensuring compliance. Here's an overview of key concepts:

Platform Logs

  • Resource Logs: (formerly diagnostic logs) Record information about activities within an Azure resource (e.g., database access).
  • Activity Logs: Provide subscription-level details about external activities on resources (e.g., shutting down a database).
  • Azure Active Directory Logs: Capture activities related to Azure Active Directory, such as logins and user additions.

Resource Locks

  • Hierarchy: Locks can be applied at the resource, resource group, or subscription level.
  • Inheritance: Most restrictive lock takes precedence; administrators must remove locks to delete resources.
  • Types:
    • Delete lock (prevents deletion)
    • Read-only lock (prevents modification and deletion).

Azure Policy Service

  • Governance Policies: Enforce governance policies using Azure Policy.
  • Example: Create policies ensuring data storage services like SQL Database instances are only created in specified regions.
  • Initiatives: Group related policies into initiatives for easier management and assignment.
  • Management Groups: Organize subscriptions into management groups to inherit policies.

Trust Center and Service Trust Portal

  • Trust Center: Collection of resources on how Microsoft handles security, privacy, compliance, and transparency.
  • Service Trust Portal: Focused on compliance, provides audit reports for standards like SOC, FedRAMP, and ISO27001.
  • Compliance Manager: Tool to assess and track compliance efforts, helpful for achieving and maintaining compliance.

Azure Government and Azure China

  • Azure Government: Physically isolated data centers and networks for US government agencies at federal, state, and local levels.
  • Azure China: Physically separated Azure instance operated by 21Vianet for customers in China.

These tools and services play a crucial role in ensuring security, compliance, and effective management of Azure resources. Utilizing them allows organizations to troubleshoot issues, enforce governance policies, and maintain a compliant and secure environment.

Additional resources for trust, compliance, and eligibility for specialized instances are available through:

Resources