Implement a third-party solution if this does not meet the requirement. 6.11: Limit users' ability to interact with Azure Resource Manager. Use Azure Security Center Adaptive Application Controls to specify which file types a rule may or may not apply to.
How to deny a specific resource type with Azure Policy. 6.10: Maintain an inventory of approved software titles. Use Azure Policy to restrict which services you can provision in your environment.
To get access to install date and other information, enable guest-level diagnostics and bring the Windows Event Logs into a Log Analytics Workspace. Software Name, Version, Publisher, and Refresh time are available from the Azure portal. Use Azure virtual machine Inventory to automate the collection of information about all software on Virtual Machines. Ensure that all Azure resources present in the environment are approved. 6.6: Monitor for unapproved software applications within compute resources. Use Azure Resource Graph to query/discover resources within their subscription(s). Use Azure Policy to put restrictions on the type of resources that can be created in your subscription(s). 6.5: Monitor for unapproved Azure resources. How to create additional Azure subscriptions. 6.4: Define and Maintain an inventory of approved Azure resources. Create an inventory of approved Azure resources and approved software for compute resources as per our organizational needs. Reconcile inventory on a regular basis and ensure unauthorized resources are deleted from the subscription in a timely manner. Use tagging, management groups, and separate subscriptions, where appropriate, to organize and track assets. How to create queries with Azure Resource Graph. Apply tags to Azure resources giving metadata to logically organize them into a taxonomy. 6.3: Delete unauthorized Azure resources. Ensure appropriate (read) permissions in your tenant and enumerate all Azure subscriptions as well as resources within your subscriptions. Although classic Azure resources may be discovered via Resource Graph, it is highly recommended to create and use Azure Resource Manager resources going forward. Use Azure Resource Graph to query/discover all resources (such as compute, storage, network, ports, and protocols etc.) within your subscription(s).
6.1: Use automated Asset Discovery solution. Inventory and Asset Management recommendations focus on addressing issues related to actively managing (inventory, track, and correct) all Azure resources so that only authorized resources are given access, and unauthorized and unmanaged resources are identified and removed.