Build a cloud governance strategy on Azure (2) - Coggle Diagram
Cloud Adoption Framework for Azure
Define your strategy
Define and document your motivations:
Document business outcomes: Document your goals
Develop a business case: ROI
Choose the right first project:
Make a plan
Digital estate: Inventory of the existing digital assets and workloads that you plan to migrate
Initial organizational alignment: Ensure that the right people are involved in your migration efforts,
Skills readiness plan: Build a plan that helps individuals build the skills they need to operate in the cloud.
Cloud adoption plan:
Ready your organization
Azure landing zone:
Expand the landing zone:
Azure setup guide:
Best practices:
Adopt the cloud
Migration scenarios
Best practices
Migrate your first workload:
Process improvements:
Innovate
Azure innovation guide: Use this guide to accelerate development and build a minimum viable product (MVP) for your idea.
Best practices:
Business value consensus: Add value to the business and meet customer
Feedback loops:
Govern and manage your cloud environments
Initial governance foundation:
Improve the initial governance foundation:
Benchmark
Methodology:
Create a subscription governance strategy
FOUR LEVELS
Subscriptions
Resource groups
Management groups
Resources
Billing
If you have multiple departments and need to do a "chargeback" of cloud costs, one possible solution is to organize subscriptions by department or by project.
Access control
A subscription is a deployment boundary for Azure resources. Every subscription is associated with an Azure Active Directory tenant. Each tenant provides administrators the ability to set granular access through defined roles by using Azure role-based access control.
Subscription limits
The maximum number of Azure ExpressRoute circuits per subscription is 10.
How do I manage Azure RBAC permissions?
You manage access permissions on the Access control (IAM) pane in the Azure portal. This pane shows who has access to what scope and what roles apply. You can also grant or remove access from this pane.
Prevent accidental changes by using resource locks
A resource lock prevents resources from being accidentally deleted or changed.
What levels of locking are available?
CanNotDelete means authorized people can still read and modify a resource, but they can't delete the resource without first removing the lock.
ReadOnly means authorized people can read a resource, but they can't delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.
Organize your Azure resources by using tags
This metadata is useful for:
Governance and regulatory compliance
Workload optimization and automation
Security
Operations management
Cost management and optimization
Resource management
How do I manage resource tags?
Azure Policy.
You can apply tags to a resource group, but those tags aren't automatically applied to the resources within that resource group. You can use Azure Policy to ensure that a resource inherits the same tags as its parent resource group. You'll learn more about Azure Policy later in this module.
You can also use Azure Policy to enforce tagging rules and conventions.
Azure Policy
Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources.
These policies enforce different rules and effects over your resource configurations so that those configurations stay compliant with corporate standards.
Initiatives
Set of policies
Review the evaluation results
When a condition is evaluated against your existing resources, each resource is marked as compliant or noncompliant. You can review the noncompliant policy results and take any action that's needed.
Policy evaluation happens about once per hour. If you make changes to your policy definition and create a policy assignment, that policy is evaluated over your resources within the hour.
Azure Blueprints
Instead of having to configure features like Azure Policy for each new subscription, with Azure Blueprints you can define a repeatable set of governance tools and standard Azure resources that your organization requires.
Azure Blueprints orchestrates the deployment of various resource templates and other artifacts, such as:
Role assignments
Policy assignments
Azure Resource Manager templates
Resource groups
What are blueprint artifacts?
Each component in the blueprint definition is known as an artifact.