Let's see how you can easily bring enterprise governance to your cloud workloads.
We've seen how you can manage the policies and role based access control on the subscription level.
At the beginning of the course, we talked about how you can use multiple subscriptions to help you separate workloads by Environment Department, region and so on.
When you have multiple subscriptions, you can use management groups to manage access policies and compliance.
Management groups are containers that allow you to bring organization for your azure resources across subscriptions.
All subscriptions within a management group inherit the access settings and policies applied to the management group.
Also, a policy assignment at the management group level cannot be modified by the subscription owner,
which means that you are protected from improper governance
to help you even further with compliance requirements, auditing and traceability of your deployment.
Azure provides the azure blue print service
as your blueprint allows you to define a repeatable set of azure resources that follow your organizational standards.
For example, by using as your blueprint your development or I T teams can ensure that they can deploy consistent environments that comply with your policies
as your blueprint uses a declarative approach to describe and orchestrate the deployment of resources and other artifacts like rolls and policy assignments. Armed templates, etcetera
like azure resource manager or arm templates.
The blueprint preserves the relationship between the definition and what is deployed.
This allows you to track and audit your deployment.
This approach is very useful in devops scenarios, where blueprints are associated with specific build artifacts and releases.
Now you know what tools you can use to do enterprise governance for your organization.