Summary
Defining your infrastructure as code provides you with the most benefit when you deploy all of your infrastructure from code and use pipelines to automate the deployment process.
In this module, you learned how to plan your environments so that you can strategically target your controls where they have the most impact. Then, because deployment pipelines and code are so important, you learned how to apply controls to your pipelines and repositories. Finally, you learned how to configure your Azure environment to ensure that all changes are deployed by using your approved process, while still allowing for emergency access.
The purpose of this module is to increase your confidence in, and the security of, your Azure deployments. This module has helped you ensure that changes follow a consistent process and are audited and logged, and that only authorized users can perform them.
More resources
- Learn more about the considerations for platform automation.
- To learn more about governance of your deployment processes, reference:
  - End-to-end governance in Azure when using CI/CD
  - DevOps considerations in the Cloud Adoption Framework for Azure.
- Learn more about Azure landing zones.
- For guidance on using Bicep to deploy Azure resources, reference:
Secure your repositories and pipelines
To learn more about securing and hardening your Azure DevOps and GitHub environments, review these resources:
- Manage users, groups, and permissions:
- Protect important code branches:
- Protect your pipeline's service principals:
- Use audit logs in Azure DevOps
- Secure Azure Pipelines
- Use third-party actions
- Use GitHub security features:
Secure your Azure environment
Azure security and governance include many elements. The following links provide more information about the subjects introduced in this module:
- Break-glass accounts in Microsoft Entra ID
- Microsoft Entra Privileged Identity Management
- Microsoft Sentinel