In the introduction to this series, we listed the 4 high-level categories of Azure governance, namely resource organization, resource security, auditing, and cost.
Throughout this series, we explored the different tools from each of these categories that we have available in our Azure Governance Toolbox.
As a recap…
Resource Organization
- Utilize Management Groups to apply governance and policy across multiple Subscriptions at the same time
- Review the Azure Enterprise Scaffold for ideas on hierarchy and patterns
- Group resources with the same life-cycle together within the same Resource Group
- Use Tags from day 1, to provide the greatest granularity and flexibility for reporting
Resource Security
- Leverage Role-Based Access Control (RBAC), especially built-in Roles where possible
- Use Resource Locks to protect critical workloads, but keep in mind the limitations of not having a temporary “pause” to make changes
- Implement Azure Policy, even if you’re not planning to use the enforce/deny capabilities; it can help you audit for compliance
Auditing
- Incorporate Azure Activity Alerts as part of your auditing strategy, to capture the who, what, where, and when
- Embrace the power of Azure Alerts, which can alert you to conditions and issues via Azure Mobile App push notification, Email, ITSM integration, Automation, SMS, or Voice (yes, Azure will call you!)
Cost Controls
- Become well versed with Azure Cost Management, and the many different facets it has to help you keep an eye on costs
- Don’t focus too much on Azure Advisor, instead, go to the source (i.e. Azure Security Center, Azure Monitor, and Azure Cost Management)
Conclusion
Now that you have all the tools in your toolbox, you can be the go-to expert in Azure Governance. Don’t forget to charge extra for last-minute, middle of the night calls ;-).