Tag: Policy

Azure Policy

Keep control of your Azure environment with Azure Policy

Keeping control of your Azure environment and your Azure tenant can be challenging. Azure Policy is a fundamental part of Azure Governance to maintain control of your environment. With Azure Policy, you can enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. For example, you can limit the deployment to specific virtual machines types and sizes, or block different Azure regions from being used. You can still give developers and IT Pros access to the Azure environment and subscriptions but always stay in control.

  • Real-time policy enforcement and evaluation
  • Cloud policy management and security at scale
  • Automated remediation of existing resources
  • Comprehensive compliance view of all your resources across your Azure subscriptions

You use Azure Policy not just to enforce rules, but also to only audit your environment. This enables you to see the resources which are not compliant with your company policies instead of just blocking the deployment.

Have a look at my other blog posts about:

Cloud-Native Governance

Cloud-Native Governance

Why not just use RBAC?

Azure Policy is complementary to role-based access control (RBAC), and are both part of the overall Azure Governance tools.

There are a few key differences between Azure Policy and role-based access control (RBAC). RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group. Azure Policy focuses on resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default allow and explicit deny system.



Change Office 365 password expiration policy

office365

The default password expiration policy of Office 365 is set to 90 days. That means that users have to change their password every 90 days. I think basicly this is a good and secure policy but maybe your company has other security policy or for some other reason you have to deactivate this. We can change this setting through PowerShell with the MicrosoftOnline PowerShell Module.

  1. First connect to Office 365 via PowerShell more on this here
  2. Now you can use the following cmdlet
    Set-MsolUser -UserPrincipalName user@contoso.com –PasswordNeverExpires $true