Identity Baseline discipline overview

Identity baseline is one of the Five Disciplines of Cloud Governance within the Cloud Adoption Framework governance model. Identity is increasingly considered the primary security perimeter in the cloud, which is a shift from the traditional focus on network security. Identity services provide the core mechanisms supporting access control and organization within IT environments, and the Identity Baseline discipline complements the Security Baseline discipline by consistently applying authentication and authorization requirements across cloud adoption efforts.


The Identity Baseline discipline does not replace the existing IT teams, processes, and procedures that allow your organization to manage and secure identity services. The primary purpose of this discipline is to identify potential identity-related business risks and provide risk-mitigation guidance to the IT staff who are responsible for implementing, maintaining, and operating your identity management infrastructure. As you develop governance policies and processes, make sure to involve relevant IT teams in your planning and review processes.

This section of the Cloud Adoption Framework outlines the approach to developing an Identity Baseline discipline as part of your cloud governance strategy. The primary audience for this guidance is your organization's cloud architects and other members of your cloud governance team. The decisions, policies, and processes that emerge from this discipline should involve engagement and discussions with relevant members of the IT teams responsible for implementing and managing your organization's identity management solutions.

If your organization lacks in-house expertise in identity and security, consider engaging external consultants as a part of this discipline. Also consider engaging Microsoft Consulting Services, the Microsoft FastTrack cloud adoption service, or other external cloud adoption partners to discuss concerns related to this discipline.

Policy statements

Actionable policy statements and the resulting architecture requirements serve as the foundation of an Identity Baseline discipline. Use sample policy statements as a starting point for defining your Identity Baseline policies.


The sample policies come from common customer experiences. To better align these policies to specific cloud governance needs, execute the following steps to create policy statements that meet your unique business needs.

Develop governance policy statements

The following steps offer examples and potential options to consider when developing your Identity Baseline discipline. Use each step as a starting point for discussions within your cloud governance team and with affected business and IT teams across your organization to establish the policies and processes needed to manage identity-related risks.


Identity Baseline discipline template: Download the template for documenting an Identity Baseline discipline.

Business risks: Understand the motives and risks commonly associated with the Identity Baseline discipline.

Indicators and metrics: Indicators to understand whether it is the right time to invest in the Identity Baseline discipline.

Policy adherence processes: Suggested processes for supporting policy compliance in the Identity Baseline discipline.

Maturity: Align cloud management maturity with phases of cloud adoption.

Toolchain: Azure services that can be implemented to support the Identity Baseline discipline.

Next steps

Get started by evaluating business risks in a specific environment.