I have some questions.
Are we able to prevent users within our organization from creating Subscriptions using the Visual Studio/Dev or other means in our Azure tenant?
If now, what is the recommended way to appropriately govern existing/new Subscriptions to ensure that people do not do dumb things within their subscription space that could compromise our organization?
I feel like the answer to number 1, based upon my research, is no... but I'm not 100% on that, and I know that there are some governance pieces within Management groups, Azure Defender and probably some other areas (RBAC?) where we could govern Subscriptions if we can't prevent the creation of them, but I wanted to hear from some veterans of Azure out there related to this topic.
Thanks in advance!