
Azure Blueprint


Ever wondered how anyone could set up compliance standards for the resources deployed in Microsoft Azure? In a fast-moving industry where cloud providers' offerings keep changing rapidly, it is hard to keep compliance checks up to date.

To address compliance standards, Microsoft recommends using Azure Blueprint. It is a free service that helps customers deploy and update cloud environments in a repeatable manner using composable artifacts such as policies, ARM templates and role-based access control (RBAC). Azure Blueprints is built to help customers set up a governance strategy around their Azure environments, and it can also scale to support production and non-production implementations for large-scale migration environments.

In other words, Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

  1. Role Assignments
  2. Policy Assignments
  3. Azure Resource Manager (ARM) template
  4. Resource Group
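
As an added illustration (not code from the original post or from Microsoft), the sketch below shows a check that could run before a blueprint kept as JSON is published: it counts artifacts under the four categories listed above and reports resource group references that do not resolve. The `kind` values and the `resourceGroups` / `resourceGroup` fields follow the Blueprints-as-code JSON layout; the function name `review_blueprint` and all sample names are hypothetical.

```python
import json

# Artifact kinds used in blueprint-as-code JSON. Resource groups are declared
# on the blueprint itself rather than as separate artifact files.
KIND_TO_CATEGORY = {
    "roleAssignment": "Role Assignments",
    "policyAssignment": "Policy Assignments",
    "template": "Azure Resource Manager (ARM) template",
}

def review_blueprint(blueprint, artifacts):
    """Return (summary, problems) for a blueprint definition and its artifacts."""
    declared_rgs = set(blueprint["properties"].get("resourceGroups", {}))
    summary = {"Resource Group": len(declared_rgs)}
    problems = []
    used_rgs = set()
    for name, artifact in artifacts.items():
        category = KIND_TO_CATEGORY.get(artifact.get("kind"))
        if category is None:
            problems.append(f"{name}: unknown artifact kind {artifact.get('kind')!r}")
            continue
        summary[category] = summary.get(category, 0) + 1
        rg = artifact.get("properties", {}).get("resourceGroup")
        if rg is None:
            continue  # artifact applies at subscription scope
        used_rgs.add(rg)
        if rg not in declared_rgs:
            problems.append(f"{name}: resource group {rg!r} is not declared")
    for rg in sorted(declared_rgs - used_rgs):
        problems.append(f"resource group {rg!r} is declared but unused")
    return summary, problems

# Constructed sample input (not taken from the ISO 27001 blueprint).
SAMPLE_BLUEPRINT = json.loads("""{
  "properties": {
    "targetScope": "subscription",
    "resourceGroups": {"networkRG": {}, "loggingRG": {}}
  }
}""")
SAMPLE_ARTIFACTS = {
    "allowed-locations": {"kind": "policyAssignment", "properties": {}},
    "network-contributor": {"kind": "roleAssignment",
                            "properties": {"resourceGroup": "networkRG"}},
    "vnet": {"kind": "template", "properties": {"resourceGroup": "netRG"}},
}

if __name__ == "__main__":
    summary, problems = review_blueprint(SAMPLE_BLUEPRINT, SAMPLE_ARTIFACTS)
    print(summary)
    print("\n".join(problems))
```
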

Microsoft Azure leads the industry with several compliance offerings that involve international and industry-specific compliance standards, such as ISO 27001, HIPAA, PCI, SOC 1 and SOC 2, along with country-specific standards, including FedRAMP and other NIST 800-53 derived standards, Australia IRAP and Singapore MTCS.

Let’s look at an example to understand this better.

‘ISO 27001: Shared Services’ is a blueprint available under an Azure tenant. Simply navigate to the Blueprints page, click “Create a Blueprint”, and choose the ‘ISO 27001: Shared Services’ blueprint from the list.

Various other compliance offerings by Microsoft are also listed there, as shown in the screenshot below.


Figure 1: Create a Blueprint


The ‘ISO 27001: Shared Services’ blueprint is designed to help people deploy production-ready, secure end-to-end solutions quickly, and it includes:

- Hardened infrastructure resources: Azure Resource Manager (ARM) templates are used to automatically deploy the components of the architecture into Azure by specifying configuration parameters during setup. The infrastructure components include Azure Firewall, Active Directory, Key Vault, Azure Monitor, Log Analytics, Virtual Networks with subnets, Network Security Groups, and Role Based Access Control definitions. Additionally, these resources can be locked by Blueprints as a security measure to protect the consistency of the defined blueprint and the environment it was designed to create.

- Policy controls: A set of Azure policies that help provide real-time enforcement, compliance assessment, and remediation for the required environment.

- Security and Compliance controls: A team benefits from all the controls for which Microsoft is responsible as the cloud provider, and the blueprint helps to configure a number of the remaining controls to meet ISO 27001 requirements.


Figure 2: Artifacts

Lifecycle of an Azure Blueprint

Azure Blueprint is no different: it has a lifecycle. Blueprints are created and then deployed, and when they are no longer needed, they are deleted. Azure Blueprints also provides support for CI/CD pipelines for organizations that manage infrastructure-as-code (IaC). The Azure Blueprint lifecycle consists of:

  1. Creation of Blueprint
  2. Publishing of Blueprint
  3. Creating or editing a new version of Blueprint
  4. Publishing a new version of Blueprint
  5. Deletion of a specific version of Blueprint
  6. Deleting the Blueprint altogether

I hope this article gives its readers a better understanding of Azure Blueprints.

If you have any feedback, please share it at the bottom of the page.

For more details about Azure Blueprints, please see this link.  
