We always hear you got to have good governance in place when implementing cloud projects. At high level this is what we refer to when we talk about Azure Governance
- Resource Organisation: Where do I deploy, how do I group and identify
- Resource Security: Who can access, how can I protect against accidental deletion, what can my users deploy etc.
- Auditing: Who did what, tell me when something happens
- Cost Control: What it it costing me to run service x, how can I save money?
I won't go to much details on each of these topics as you can find lot of material on Azure Docs explaining each of these in depth.
However here are few other things you should know
Enterprise Agreement (EA)
The enterprise agreement is the top level of control of Azure. The EA can be logically grouped by what are called departments and accounts for billing purposes. These are just names for the management tiers and do not have to correlate to departments or accounts in your business. Also note, Accounts are "financial accounts" and not access controls (we'll get to that later)
The EA, departments, accounts are managed in the Enterprise portal. You then manage Subscriptions from the Azure portal.
A subscription is the administrative security boundary of Microsoft Azure. It provides the basis for a more granular roles based access control (RBAC) model.
It is the “Out of the box” available billing unit granularity. It is a logical unit of scale by which resources can be allocated.
The Key to doing this right is - HAVE A PLAN!
We sometimes come across customers where this wasn’t considered until afterwards and now they have over 120 subscriptions, which makes identifying the business unit and workload much harder.
Microsoft Cloud Adoption Framework for Azure (CAF)
CAF gives you Tools, Documentation and Best Practices to help accelerate your cloud journey. It is designed so anyone at any stage of their journey can benefit
From earliest strategy to all the way down to continuous process of governance and management (see here)
CAF Migrate landing Zone Blueprint
To help you get started on your cloud journey, Microsoft documents set of infrastructure to help you get set up quickly. You can find all the scripts and artifacts here.