May 12, 2023
Azure compliance documentation – Azure Privacy and Compliance

Azure compliance documentation

As its name suggests, the Azure compliance documentation is an online documentation site that provides detailed information and resources about legal and regulatory standards, as well as compliance for organizations on Azure. The documentation can be accessed at https://docs.microsoft.com/azure/compliance:

Figure 10.7 – Azure compliance documentation

In this section, we looked at the Azure compliance documentation. The following section looks at Azure Sovereign Regions.

Azure Sovereign Regions

Azure supports what are referred to as Sovereign Regions; these support greater compliance for specific markets. These regions, as shown in the following diagram, operate isolated instances of the Azure cloud computing platform that run on dedicated hardware and isolated networks:

Figure 10.8 – Azure Sovereign Region cloud

As outlined here, the Sovereign Region platforms also have portals with different URLs and service endpoints in DNS:

  • Azure Government: This is a separate instance of the Azure platform that Microsoft operates; it is for the sole use of US government bodies (and partners):
    • The service endpoints to connect to in DNS are in the form of *.azurewebsites.us.
    • You can find more information at https://azure.microsoft.com/global-infrastructure/government.
  • Azure China (21Vianet): This is a separate instance of the Azure platform operated by 21Vianet; it is for compliance with Chinese government regulations:
    • The Azure portal can be accessed via a dedicated URL: https://portal.azure.cn.
    • The service endpoints to connect to in DNS are in the form of *.chinacloudsites.cn.

In this section, we looked at the Azure Sovereign Region clouds. The following section looks at a thought exercise.

Thought exercise

Returning to our online pizza company, MilesBetter Pizza: because they handle online transactions, they wish to know where they should look to determine whether they need to be compliant with regulatory standards such as the Payment Card Industry Data Security Standard (PCI DSS). They also don’t want to fall foul of any Microsoft product terms for the Online Services they have.

In addition, in preparation for an audit, they have been asked to provide evidence in the form of the compliance, security, and privacy statements from their cloud service provider for the data stored in Azure. The following diagram visualizes the required resources that were covered in this chapter:

Figure 10.9 – Azure privacy and compliance resources

The following URLs will be required to explore, collate, and present the required audit information:

In this section, we looked at a thought exercise covering privacy and compliance. In the next section, we will complete a hands-on exercise.
