From the course: Microsoft Azure Essentials by Microsoft Press

Governance made simple - Azure Tutorial

I briefly mentioned Azure Policy and I said that Azure Policy allows you to create rules that are evaluated when resources are created and managed, which is true. And for example, you could create a rule that says, I want all of my virtual machines to be in a certain region. That could be a rule that's defined in Azure Policy, and then that gets enforced when virtual machines are created.

Now, the first thing that people think of when you explain it this way is they think, well, if someone tries to create a virtual machine that's not in that region, it just denies it. And in fact, that could be true, but it doesn't have to be true. Azure Policy allows you to define an action for any rule that is not followed. And one of those things could be denied, but it could also be audit, which means it's just going to log something in Azure Log Analytics, which is kind of like a data store that Azure Monitor uses. So you might just want to have a notification logged if someone doesn't comply with that.

Also, it allows you to enforce certain other things that can happen when things get created. So for example, you might say, if someone creates a virtual network, I want there to be also an instance of Azure VPN Gateway, which is another Azure networking service that allows you to create virtual private networks. And you could have Azure Policy either log an event, if there isn't an instance of VPN Gateway, or you could also have Azure Policy create that instance of VPN Gateway if it doesn't exist. So Azure Policy allows you to prevent security, reliability, cost issues, that type of thing by applying these different policies to resources when they get created and managed.

Another governance service that we have in Azure is Azure Blueprints, which allow you to create a blueprint of a deployment. You can have inside of that blueprint policies, you can have RBAC roles, you can have resources, all your different resources can be kind of bundled up in there. And this allows you to then have predictable and reliable deployment of these things. You create all of these things inside of your blueprint, and then you publish that blueprint, which makes it available to assign to a subscription. And when you assign that blueprint to a subscription, it creates all of the things that are inside that blueprint in a very predictable and reliable way. So this makes it really easy to onboard new environments that are very predictable. And you can do that across lots of different regions in Azure and you're guaranteed that all of those things are going to be exactly the same.

Another governance feature in Azure is tags. Tags are just a name-value pair. For every tag which can be applied to any resource, you have a name for that tag and an associated value for that tag, and you can have multiple tags on the same resource. So as an example, let's say that you're running a big event in your company and you're going to have some of that event running in the western side of the country and some of that event's going to happen in the eastern side of your country and you're going to have different Azure resources associated with each one of those. So you could have tags that you apply to your resources with a name of big event and a value that shows which region it's in. So you could have a virtual machine with a tag of big event and eastern and another one with a tag of big event and western. And this allows you to stay organized. It also allows you to find your resources quickly because when you're in the Azure portal you can filter based on tags. So you can look at lists of things that are just in the Western event. Now that's just one example of tags. You can use tags in any way you see fit.

One thing though that tags will also do for you is give you easier cost management because when you get your Azure bill it comes in a comma-separated values file that you can open in something like Excel and filter on, and your tags, the name and value, appear in that invoice. So you can filter your invoice on those tags, and it gives you easier ability to manage costs.
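As an added illustration (not part of the course transcript), the virtual machine region rule described earlier could be written as a custom Azure Policy definition like the one below. The display name, description and parameter names are assumptions chosen for this example; the `effect` parameter lets one definition either log non-compliance (Audit) or block the request (Deny).

```json
{
  "properties": {
    "displayName": "Constructed example: virtual machines must be in approved regions",
    "description": "Illustrative definition written for this page, not taken from the course. Names and defaults are assumptions.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Regions in which virtual machines may be created.",
          "strongType": "location"
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny"],
        "defaultValue": "Audit",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit records the non-compliant resource; Deny rejects the create or update request."
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
          { "field": "location", "notIn": "[parameters('allowedLocations')]" }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigning this definition with the effect left at Audit first shows which existing virtual machines fall outside the approved regions before switching the assignment to Deny.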
