Build a cloud governance strategy on Azure (2) - Coggle Diagram
Build a cloud governance strategy on Azure
Cloud Adoption Framework for Azure
Define your strategy
Define and document your motivations:
Document business outcomes: Document your goals
Develop a business case: ROI
Choose the right first project:
Make a plan
Digital estate: Inventory of the existing digital assets and workloads that you plan to migrate
Initial organizational alignment: Ensure that the right people are involved in your migration efforts,
Skills readiness plan: Build a plan that helps individuals build the skills they need to operate in the cloud.
Cloud adoption plan:
Ready your organization
Azure landing zone:
Expand the landing zone:
Azure setup guide:
Adopt the cloud
Migrate your first workload:
Azure innovation guide: Use this guide to accelerate development and build a minimum viable product (MVP) for your idea.
Business value consensus: Add value to the business and meet customer
Govern and manage your cloud environments
Initial governance foundation:
Improve the initial governance foundation:
Create a subscription governance strategy
If you have multiple departments and need to do a "chargeback" of cloud costs, one possible solution is to organize subscriptions by department or by project.
A subscription is a deployment boundary for Azure resources. Every subscription is associated with an Azure Active Directory tenant. Each tenant provides administrators the ability to set granular access through defined roles by using Azure role-based access control.
The maximum number of Azure ExpressRoute circuits per subscription is 10.
How do I manage Azure RBAC permissions?
You manage access permissions on the Access control (IAM) pane in the Azure portal. This pane shows who has access to what scope and what roles apply. You can also grant or remove access from this pane.
Prevent accidental changes by using resource locks
A resource lock prevents resources from being accidentally deleted or changed.
What levels of locking are available?
CanNotDelete means authorized people can still read and modify a resource, but they can't delete the resource without first removing the lock.
ReadOnly means authorized people can read a resource, but they can't delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.
Organize your Azure resources by using tags
This metadata is useful for:
Governance and regulatory compliance
Workload optimization and automation
Cost management and optimization
How do I manage resource tags?
You can apply tags to a resource group, but those tags aren't automatically applied to the resources within that resource group. You can use Azure Policy to ensure that a resource inherits the same tags as its parent resource group.
You can also use Azure Policy to enforce tagging rules and conventions.
Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources.
These policies enforce different rules and effects over your resource configurations so that those configurations stay compliant with corporate standards.
Set of policies
Review the evaluation results
When a condition is evaluated against your existing resources, each resource is marked as compliant or noncompliant. You can review the noncompliant policy results and take any action that's needed.
Policy evaluation happens about once per hour. If you make changes to your policy definition and create a policy assignment, that policy is evaluated over your resources within the hour.
Instead of having to configure features like Azure Policy for each new subscription, with Azure Blueprints you can define a repeatable set of governance tools and standard Azure resources that your organization requires.
Azure Blueprints orchestrates the deployment of various resource templates and other artifacts, such as:
Azure Resource Manager templates
What are blueprint artifacts?
Each component in the blueprint definition is known as an artifact.