Enterprise-Scale icon indicating copy to clipboard operation
Enterprise-Scale copied to clipboard

Published 20 hours ago verified publisher icon Azure

Audit with Sandbox

Open mw8er opened this issue 2 years ago • 2 comments

At times people would like to develop things for a subscription, which resided e.g. underneath corp. However, the policies keep them for getting their things done.

To circumvent that you could have

  • all policy assignment with effect deny on the landing zones management group should have a matching policy assignemnet with
  • all management groups underneath landing zone, would have a matching management group underneath sandbox
  • as before, the policy assignment with effect deny underneath landing zone would have the effect audit underneath the management group sandbox.

This way landing zone and sandbox would be well separated. And you would be able to verify which policies you are violating for your final landing zone .

mw8er avatar Jun 22 '23 11:06 mw8er

Hey @mw8er,

We are actually working on documenting an approach very similar and making it available in our implementations that @brsteph has been putting some thought into.

image

Is this aligned to your suggestions?

jtracey93 avatar Jun 22 '23 13:06 jtracey93

100% aligned

mw8er avatar Jun 22 '23 14:06 mw8er