Azure Insights: Policy evaluation; Token signing; DevOps pipelines; Application Insights

February 3, 2021

Microsoft Azure pros share their thoughts on Azure Policy evaluation processing, token signing and decrypting, DevOps pipelines, and querying multiple Application Insights instances.

Policy evaluation processing

Microsoft MVP Stanislav Zhelyazkov, writing on Cloud Administrator in Azure World, explained that Azure Policy has a unique feature compared to some other services when it comes to evaluating Azure resources. Policy is built along with Azure Resource Manager, and policies take effect right away. This is enforced regardless of whether PowerShell, ARM templates, REST APIs or SDKs are involved. For existing resources, policies are evaluated once every 24 hours, and scan run time depends on the number of resources that need to be assessed. He wrote:

Most notably you will notice inconsistencies with some Azure Security Center policies…Security center had recommendations for quite some time even before Azure Policy was a service. These recommendations were based on scans that Security center has performed on resources and surfaced the information in Security Center UI. Once Azure Policy came into the picture many of these recommendations could be done via native Azure Policy policies and that is what the Security Center did. Other recommendations couldn’t be done via Azure Policy because the scans that Security Center was doing were not on Azure resources thus not available through ARM API.

Security Center keeps its own scans, publishing results with the ARM API. As a result, all Security Center recommendations are available as policies. He noted there is currently no way to trigger on-demand scans for Security Center recommendations. Zhelyazkov added that when users see Policy looking into Microsoft.Security/assessments, it means Security Center is doing the scan and users will need to wait for the results.
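As an added example (not code from Zhelyazkov's post or from Microsoft), the following Python separates policy definitions whose compliance result comes from a Security Center scan, recognizable by a Microsoft.Security/assessments lookup in the rule, from those Azure Policy evaluates itself. It assumes definitions exported as JSON in the shape returned by `az policy definition list` or the ARM REST API; the sample definitions and their display names are constructed.

```python
import json
import re

ASSESSMENT_TYPE = "microsoft.security/assessments"

# Constructed sample input, shaped like `az policy definition list -o json` output.
SAMPLE = json.loads("""
[
 {"displayName": "Example: allowed locations (constructed)",
  "policyRule": {"if": {"not": {"field": "location", "in": ["westeurope"]}},
                 "then": {"effect": "deny"}}},
 {"displayName": "Example: VM vulnerabilities remediated (constructed)",
  "parameters": {"effect": {"type": "String", "defaultValue": "AuditIfNotExists"}},
  "policyRule": {"if": {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
                 "then": {"effect": "[parameters('effect')]",
                          "details": {"type": "Microsoft.Security/assessments",
                                      "name": "00000000-0000-0000-0000-000000000000",
                                      "existenceCondition": {
                                        "field": "Microsoft.Security/assessments/status.code",
                                        "in": ["NotApplicable", "Healthy"]}}}}},
 {"displayName": "Example: append env tag (constructed)",
  "policyRule": {"if": {"field": "tags['env']", "exists": "false"},
                 "then": {"effect": "append",
                          "details": [{"field": "tags['env']", "value": "dev"}]}}}
]
""")

def resolve_effect(body, rule):
    """Return the rule's effect, following a [parameters('x')] reference to its default."""
    effect = rule.get("then", {}).get("effect", "")
    m = re.fullmatch(r"\[parameters\('([^']+)'\)\]", effect)
    if m:
        effect = (body.get("parameters") or {}).get(m.group(1), {}).get("defaultValue", effect)
    return effect.lower()

def classify(definition):
    """Return (scan source, effect) for one policy definition."""
    body = definition.get("properties", definition)  # REST nests under "properties"
    rule = body.get("policyRule", {})
    details = rule.get("then", {}).get("details")
    # "details" is a list for the append effect, so only a dict can name a related type.
    related = details.get("type", "") if isinstance(details, dict) else ""
    source = "security-center" if related.lower() == ASSESSMENT_TYPE else "azure-policy"
    return source, resolve_effect(body, rule)

if __name__ == "__main__":
    for d in SAMPLE:
        print("{:16} {:18} {}".format(*classify(d), d["displayName"]))
```

Definitions reported as `security-center` are the ones whose results depend on Security Center's own scan schedule rather than on Policy's evaluation cycle.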

The case for token signing and token-decrypting in ADFS

About MSCN Reporter
