Compliance automation in Azure
As we saw in the previous section, following the built-in compliance standards and enforcing policies in our resources is relatively easy. However, it is rare that we have only one resource or one subscription to apply those policies to. Usually, we will go through creating development environments and then deploying them again as production environments, and sometimes, we even maintain both with similar policies and enforcement rules.
Recreating a development environment in Azure is easy as there are several ways to replicate resources between resource groups or subscriptions by using, for example, ARM templates and command-line scripts. However, ARM templates are only used to describe one or multiple related resources. Role assignments from role-based access control (RBAC) and policies must be recreated and reassigned to each subscription, resource group, or resource. In this case, we have another service that helps us recreate environments in Azure...