Governance Framework Implementation for Microsoft Azure
Step 1
The Azure introduction framework
- Understanding of Microsoft Azure
- Understanding of Azure Automanage
- Understanding of Azure Purview
- Understanding of Azure Synapse Analytics, Azure Migrate, Azure Arc
- Understanding of other Azure services
- Understanding of Azure regions, data centers, networks, virtualization, etc.
- Understanding of dashboarding, reporting, and analysis measures of Azure
- Understanding of Azure billing mechanisms, accounts, subscriptions, licensing, EA enrolments, hard/soft service limits, etc.
Step 2
Building the account and billing hierarchy and setting up master accounts
- Build organization hierarchy and account management protocols on Azure
Enterprise → Department(s) → Account(s) → Subscription(s) → Resource Group(s)
- Assign privileged roles to on-premises accounts
- Safely store privileged account credentials
- Define the geographic hierarchy of accounts
Entire Org (Enterprise) → Region such as North America or Colorado (Department) → Account Owner within that geographic region (Account) → Individual Projects (Subscription)
- Understand and implement resource groups, build subscriptions, build management groups, etc.
- Partner with a third party for managed Azure services and carry out the necessary configurations and integrations
- Drive DevOps adoption through hierarchies
Step 3
Implement Azure RBAC (role-based access control) and Azure resource policies
- Use RBAC permissions to allow management of VMs, virtual networks, and SQL databases
- Use RBAC to allow applications to access resources in the resource group
- Use Azure Resource Manager templates for assigning Azure roles and enabling deployment
- Leverage Azure RBAC permissions to control deployments
- Apply locks at the subscription, resource group, or resource level to protect your critical assets
- Implement organizational policies by leveraging resource group policies
Step 4
Tagging of your Azure assets
- Implement tagging of your Azure assets
- Access, export, filter, and validate audit logs, and apply analytics to them
- Validate the auditing process and enable alerting
- Implement Azure audit tools along with third-party tools for auditing costs
Step 5
Draw out a virtual network strategy
Plan a virtual network strategy for Azure, including plans for traffic routing, traffic filtering, peering, permission controls for virtual networks, service endpoints, subnets, network interfaces, application and network security groups, etc.