Azure Governance and Azure Policy
In this video we will explain and demo Azure governance using Management Groups, RBAC (Role Based Access Control) and Azure Policy.
Consider the scenario where we have a company with multiple subscriptions. We currently have no control or visibility over any subscriptions and we need to control this.

How do you manage the subscriptions?
How do you keep track and control the subscriptions in your environment?
How do you stop the development team creating large VMs and resources in different regions?
We only want a team to create the VMs and compute in a particular country so we can make sure our cloud resources don’t get deployed to the wrong region or country.
This keeps your data and compute in your chosen country for data sovereignty and compliance purposes.
Azure governance is based around a set of tools for the IT department to assert control over Azure subscriptions in your organisation.
It's inefficient to manage these separately, applying admin and permissions to each Azure subscription. Instead, we use management groups to build a hierarchy, manage each subscription under that hierarchy, and apply policy and RBAC controls to limit permissions.
In this video we are going to cover the following:
- Creation of management groups from scratch matching a diagram for production.
- Adding production subscription to management group hierarchy
- Review Role Based Access Controls, inheritance and permissions
- Azure Policy (applied to production management group)
- Applying policy to restrict Virtual Machine size SKU limit
- Applying policy to restrict location where resources are deployed
- Testing Azure Policy
- Policy compliance
- Blueprints (ISO 27001)
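
The two restrictions listed above (VM size SKU and deployment location) can be expressed as a single custom Azure Policy definition. This is an added example, not the definition used in the video. The region names and VM sizes in the defaults are assumed sample values; replace them with your own.

```json
{
  "properties": {
    "displayName": "Example (constructed): restrict region and VM size",
    "description": "Added illustration, not from the video. Region and SKU defaults are assumed sample values.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": { "displayName": "Allowed locations", "strongType": "location" },
        "defaultValue": [ "uksouth", "ukwest" ]
      },
      "allowedVmSkus": {
        "type": "Array",
        "metadata": { "displayName": "Allowed VM size SKUs" },
        "defaultValue": [ "Standard_B2s", "Standard_D2s_v3" ]
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "allOf": [
              { "field": "location", "notIn": "[parameters('allowedLocations')]" },
              { "field": "location", "notEquals": "global" }
            ]
          },
          {
            "allOf": [
              { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
              { "field": "Microsoft.Compute/virtualMachines/sku.name", "notIn": "[parameters('allowedVmSkus')]" }
            ]
          }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

Assigned at the production management group, this rule is inherited by every subscription beneath it. Because the mode is `Indexed`, resource groups themselves are not evaluated, and switching the effect to `audit` first reports non-compliant resources without blocking deployments.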