How to maintain technological and economic control of Azure resources and beyond

Public cloud solutions have attracted considerable interest from many companies in recent years, drawn by the possibilities they offer and the related benefits. Among the main characteristics of the public cloud are dynamism and speed of provisioning, which can be a great vector of innovation for IT organizations. However, if you apply procedures and practices consolidated in the on-premises world to cloud environments as they are, you risk making serious mistakes. The cloud is different by nature and, by applying the same processes used on-premises, you are likely to get the same results, the same problems, almost the same implementation times and even higher costs. It is therefore essential to implement a Cloud Technical Governance process that ensures effective and efficient use of IT resources in the cloud, so that the organization can best achieve its goals. In particular, governance of the Azure environment is made possible by a series of solutions specifically designed to allow management and constant control of Azure resources at scale. This article presents some of the main Microsoft solutions to consider in order to better define and manage the governance of services in Azure and beyond.

Public cloud: a double-edged sword

Talking about the public cloud today means referring to resources and services that a company can hardly do without, but in some respects it can be a double-edged sword.

The very features that are its main strengths can hide pitfalls if they are not governed properly:

  • Self-service delegation, meaning the possibility of delegating the creation of resources to several working groups, greatly increases agility and speed of provisioning, but it can lead to a total lack of control if it is not done in a correct and controlled way.
  • In the public cloud, almost everything is pay-per-consumption. If we combine this with uncontrolled self-service delegation, where everyone creates resources without appropriate governance, the result can be very high and unnecessary costs.
  • Flexibility and scalability are two great elements of strength and value of the public cloud, but this flexibility, the ability to adopt hundreds of solutions following a self-service logic, combined with hybrid connectivity, must also focus our attention on new potential security threats.
  • Although Azure, like the other major public clouds, holds a very large number of certifications, it introduces solutions based on new technologies which may be difficult to reconcile with corporate compliance requirements.

Adopt the cloud with proper Technical Governance

In the light of these considerations, the advice is to adopt public cloud solutions to remain competitive in this ever-changing digital world, but with appropriate Cloud Technical Governance practices that help the company mitigate risk and create guardrails. Governance policies within an organization, if properly managed, also act as an early warning system to detect potential problems.

When it comes to cloud governance, several disciplines emerge. Cost management is one of the fundamental subjects that absolutely must be addressed and managed. To this are added equally important topics, such as the definition of security and compliance baselines, identity management, the acceleration of deployment processes and the standardization of the resources created.

Therefore, applying the concept of governance to an ICT system in the cloud means defining, implementing and continuously verifying all the rules that make it:

  • with predictable costs;
  • secure according to the guidelines defined by corporate security at any level, not necessarily technical;
  • supportable by all working groups involved in the implementations;
  • subject to audit in terms of compliance with current and company regulations.

The main Microsoft tools for Governance

Cloud governance can be compared to a journey, and Microsoft provides several platform tools to make it run smoothly. The following paragraphs show some of the main solutions to take into consideration to implement functional governance.

Cloud Adoption Framework for Azure

From a design point of view, Microsoft provides the Cloud Adoption Framework for Azure, a set of documentation and tools that guide you through the best practices for implementing solutions in the Azure environment. Among these best practices, which should be adopted in general and then tailored to each customer's needs, there is also a specific section on governance. This can be seen as a starting point for applying these practices in detail.

Figure 1 – Design and standardization: Cloud Adoption Framework for Azure

Azure Policy

Azure Policy, natively integrated into the platform, is a key element of governance because it allows you to control the environment and keep the deployed Azure resources consistent.

Azure Policies allow you to manage:

  • compliance:
    • enable native or custom policies for all resource types;
    • real-time policy assessment and enforcement;
    • periodic and upon request conformity assessment;
  • large-scale distribution:
    • application of policies to Management Groups, with control over the whole organization;
    • applying multiple policies and aggregating policy states through initiatives;
    • exclusion scopes;
    • Policy as Code with Azure DevOps.
  • remedies and automations:
    • remediation of existing resources at scale;
    • automatic remediation upon implementation;
    • activation of alerts when a resource is not compliant.
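
As an added illustration of the compliance and enforcement points above (not taken from the original article, and not a Microsoft built-in definition), here is a custom Azure Policy definition that requires a cost allocation tag on resources. The tag name `CostCenter` is an assumed example value, and the effect is a parameter so that the same definition can be assigned in audit mode first and in deny mode later.

```json
{
  "properties": {
    "displayName": "Require a cost allocation tag on resources (constructed example)",
    "description": "Constructed example, not a Microsoft built-in definition. Flags or blocks resources that lack the tag named in tagName.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Tag name",
          "description": "Tag that must be present; CostCenter is an assumed example value."
        },
        "defaultValue": "CostCenter"
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliant resources; Deny blocks their creation."
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "field": "[concat('tags[', parameters('tagName'), ']')]",
        "exists": "false"
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigned at a Management Group with the effect left on Audit, the definition reports untagged resources in the compliance view; setting the assignment parameter to Deny turns it into a guardrail for self-service provisioning.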

Defender for Cloud

The Microsoft Defender for Cloud solution provides a set of features that cover two important pillars of security for modern architectures that adopt cloud components: Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP).

Figure 2 – The security pillars covered by Microsoft Defender for Cloud

Within Cloud Security Posture Management (CSPM), Defender for Cloud can provide the following features:

  • visibility: to assess the current security situation;
  • hardening guidance: to be able to improve security efficiently and effectively.

Thanks to continuous assessment, Defender for Cloud discovers newly deployed resources and evaluates whether they are configured according to security best practices. If not, the resources are flagged and you get a prioritized list of recommendations on what to fix to improve their security. As regards Cloud Workload Protection (CWP), Defender for Cloud delivers security alerts based on Microsoft Threat Intelligence. Furthermore, it includes a wide range of advanced and intelligent protections for workloads, provided through specific Microsoft Defender plans for the different types of resources present in the subscriptions and in hybrid and multi-cloud environments.

Microsoft Cost Management

To meet the important challenge of keeping the cost of resources created in the cloud under control and optimized at all times, the main tool is Microsoft Cost Management, which allows you to:

  • Monitor cloud spending: the solution tracks resource usage and allows you to manage costs, including on AWS and GCP, with a single, unified view. This gives access to a range of operational and financial information and lets you make decisions with the right awareness.
  • Increase accountability: it allows you to increase the responsibility of the various company areas through budgets, cost allocation and chargeback policies.
  • Optimize costs: through the application of industry best practices.

Microsoft Sustainability Manager

Today, an efficient and effective use of IT resources must also take into consideration environmental impact and energy consumption. Microsoft Sustainability Manager is a Microsoft Cloud for Sustainability solution that unifies data to better monitor and manage the environmental impact of resources. Regardless of the stage you have reached on the path to the zero emissions goal, this solution makes it possible to document and support the process of reducing emissions. In fact, the solution allows you to:

  • gain the visibility needed to promote sustainability;
  • simplify data collection and emissions calculations;
  • analyze and report more efficiently the environmental impact and progress of a company in terms of sustainability.

Not just Azure, but governance for all IT assets

In situations where a hybrid or multi-cloud strategy is being adopted, the question arises: “how can you view, govern and protect IT assets, regardless of where they are running?”

The answer to this question can be: “by adopting Azure Arc”.

In fact, the underlying principle of Azure Arc is to extend Azure management and governance practices to different environments and to adopt typical cloud solutions even in on-premises environments.

Figure 3 – Azure Arc overview

To achieve this, Microsoft has decided to extend the Azure Resource Manager model so that it can also support hybrid environments, thus making it easier to apply the control features present in Azure to all infrastructure components.


To ensure effective use of the public cloud, it is important to adopt the right cloud governance practices that help mitigate risks and protect the company from improper use of IT resources. There are many disciplines to consider, and the governance of your IT environment needs to extend across all resources, regardless of where they are. Microsoft offers a number of tools and solutions to address the governance challenge. However, a lot of experience is needed to implement established and reliable processes.
