In this series, we will explore all of the tools and mechanisms that make up an Azure Governance Toolbox.
As in a normal toolbox, we have different tools for different jobs. Some have an overlapping function (i.e. you can use a hammer to subsequently use a nail to fasten 2 objects together, or you can use a screwdriver along with a screw to do produce the same outcome). It just depends on what you’re trying to achieve.
When it comes to Azure, we need different tools to produce the outcome we want. Microsoft put it best when they say “Governance refers to the ongoing process of managing, monitoring, and auditing the use of Azure resources.”
We won’t be covering the monitoring aspect of governance (I personally feel that falls more into the “management” category). But, if you’re interested in learning more about the various monitoring tools in Azure, check out my Azure Monitoring Tools Explained series.
With that in mind, there are 4 high-level categories or generalizations around Azure governance, namely resource organization, resource security, auditing, and cost.
This sereis will expand on each of these, and provide examples of their use.
Disclaimer: This blog series was based on the content provided by Brian Christopher Harrison via the Microsoft blog article: Azure 101: Governance.
Here is the breakdown of what we will explore:
Resource Organization
- Subscriptions
- Management Groups
- Resource Groups
- Tags
Resource Security
- Role-Based Access Control (RBAC)
- Built-In Roles vs Custom Roles
- Resource Locks
- Azure Policy
Auditing
- Azure Activity Logs
- Azure Alerts
Cost Controls
- Azure Cost Management (aka Cloudyn)
- Azure Advisor
Other Reference Material
If you’re new to Azure, you might have some questions about how things generally work, what is meant by resource governance, and how to design for it. Here are a few links to help you out:
With this basic introduction in mind, along with the high-level categories, let’s jump into our first governance topic: Resource Organization.