Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Azure Strategy and Implementation Guide, Fourth Edition

You're reading from   Azure Strategy and Implementation Guide, Fourth Edition The essential handbook to cloud transformation with Azure

Arrow left icon
Product type Paperback
Published in May 2021
Publisher Packt
ISBN-13 9781801077972
Length 228 pages
Edition 4th Edition
Tools
Arrow right icon
Authors (5):
Arrow left icon
Aaditya Pokkunuri Aaditya Pokkunuri
Author Profile Icon Aaditya Pokkunuri
Aaditya Pokkunuri
Greg Leonardo Greg Leonardo
Author Profile Icon Greg Leonardo
Greg Leonardo
David Rendón David Rendón
Author Profile Icon David Rendón
David Rendón
Jason Milgram Jason Milgram
Author Profile Icon Jason Milgram
Jason Milgram
Jack Lee Jack Lee
Author Profile Icon Jack Lee
Jack Lee
+1 more Show less
Arrow right icon
View More author details
Toc

Table of Contents (10) Chapters Close

Preface 1. Introduction 2. Automation and governance in Azure FREE CHAPTER 3. Modernizing with hybrid cloud and multicloud 4. Cloud migration: Planning, implementation, and best practices 5. Enabling secure, remote work with Microsoft Azure AD and WVD 6. Security fundamentals to help protect against cybercrime 7. Offers, support, resources, and tips to optimize cost in Azure 8. Conclusion Index

Azure governance

Azure governance is defined as the processes and mechanisms that are used to maintain control of your applications and resources in Azure. They are the strategic priorities involved in planning your initiatives within your organization. Azure governance is provided in two services: Azure Policy and, as we will discuss in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, Azure Cost Management.

The purpose of Azure Policy is to organize your operational standards and to assess your compliance. Azure Policy regulates compliance, security, costs, and management while implementing governance for consistency of your resources. Everything that we see in Azure is governed by these policies, which contain business rules in JSON format and policy definitions. The schema for these policy definitions can be found at https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json.

What are the benefits?

Azure governance and Azure Policy help with building and scaling your applications while maintaining a level of control. This helps create guardrails and assists with deploying entirely governed environments throughout your organization's subscription using Azure Blueprints. As we will discuss in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, it also assists in managing costs by providing insights into your spending to maximize your cloud investment. In addition, Azure governance offers the following benefits:

  • Helps with audit and enforcement of your policies for any Azure service
  • Helps encourage accountability throughout the organization while monitoring spending
  • Creates compliant environments, including resources, policies, and access control
  • Helps ensure compliance with external regulations via built-in compliance controls

In the following sections, we'll look in detail at some of the features and services available via Azure governance, namely Azure management groups, Azure Policy, Azure Blueprints, Azure Graph, and Azure Cost Management and Billing.

Azure management groups

Azure management groups help manage your Azure subscriptions by grouping them and taking actions against those groups. They allow you to define security, policies, and typical deployments via blueprints. They help create a hierarchical view of your organization so that you can efficiently manage your subscriptions and resources:

Hierarchical representation of Azure management groups

Figure 2.5: Azure management groups

As you can see in Figure 2.5, there is a simple separation between production and non-production. We should understand from this illustration that each management group has a root or parent that every hierarchical structure inherits from. You can create a global structure at the root, or you can create a production or non-production policy in either one of the branches.

Azure Policy

Azure Policy was put in place to help enforce asset compliance in organizational standards within Azure. Common uses of Azure Policy are implementing governance for resources consistency, security, costs, and management. Like everything in Azure, Azure policies are in JSON format, and you add business rules for policy definitions to help simplify the management of these rules.

Azure policies can be applied to Azure resources in different life cycles or during an ongoing compliance evaluation. These can be used as a control mechanism to deny changes or to log them. The difference between Azure Policy and Azure rule-based access control (RBAC) is that your policy does not restrict Azure actions. This means a combination of Azure RBAC and Azure policy provides the full scope of security in Azure.

The following best practices are recommended by Microsoft:

  • When you use Azure policies, it's always good to start with an audit policy rather than a denial policy, as setting a denial policy may hinder automation tasks when creating the resources.
  • When creating your definitions, consider your organizational hierarchies. Creating higher-level definitions such as at the management group or subscription level is recommended.
  • Create and assign initiative definitions or policy sets even for the smallest policy definitions.
  • It is good to remember that once an initial assignment is evaluated, all policies within that initiative are evaluated as well.
  • You should think about using policies to help control your infrastructure, like requiring antivirus to be installed on all virtual machines or not allowing specific sizes of virtual machines to be created in a non-production environment. To gain a better understanding of Azure policy definition structure, you can learn more at https://docs.microsoft.com/azure/governance/policy/concepts/definition-structure.

Azure Blueprints

Azure Blueprints enables technology groups to develop a repeatable set of Azure resources that support an organization's patterns, requirements, and standards. Blueprints are a great way to orchestrate the deployment of various resources, such as role assignments, policies, ARM templates, and resource groups. Azure Blueprints is an extension of ARM templates, which are designed to help with environment setup, and Azure Blueprints uses templates to accomplish this goal.

Azure Resource Graph

Azure Resource Graph was created to extend ARM templates' capabilities to help explore resources even across subscriptions. Azure Resource Graph queries allow you to search for complex results from resources that have been deployed in Azure. Azure Resource Graph is the query system that supports the search in Azure. The query language is based on the Kusto Query Language, which is also used by Azure Data Explorer, so it may be new to you and take a little bit of getting used to.

You need the appropriate rights in Azure RBAC to see the resources—this is the read permission. If you don't get any results returned in Azure when you use Azure Resource Graph, check your read permission first.

Azure Resource Graph is free to use, but it's throttled to ensure the best experience for everyone.

Azure Cost Management and Billing

Azure Cost Management and Billing was created to help analyze, manage, and optimize the costs of your workloads in Azure. It was introduced to help businesses reduce their risk of potential waste and inefficiencies as they migrate to the cloud. Azure Cost Management and Billing does the following:

  • Assists in paying your bills
  • Generates monthly invoices containing cost and usage data that can be downloaded
  • Sets spending thresholds
  • Analyzes your costs proactively
  • Identifies opportunities to optimize spending for your workloads in Azure

We will cover this in more depth in Chapter 7, Offers, support, resources, and tips to optimize cost in Azure, since individuals and organizations manage cost streams differently in Azure.

You have been reading a chapter from
Azure Strategy and Implementation Guide, Fourth Edition - Fourth Edition
Published in: May 2021
Publisher: Packt
ISBN-13: 9781801077972
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime