Govern your portfolio of hybrid and multicloud workloads
The cloud has fundamentally changed IT governance. Intensive manual reviews and change controls processes can now be replaced with automated guardrails and compliance tools. Cloud adoption and workload teams can innovate with confidence, knowing that compliance and governance requirements are detected and are often automated. The key to this newfound freedom is the infrastructure-as-code foundation of the cloud. All assets equate back to a defined block of code that can be tested and governed, like any other code base.
In a hybrid, multicloud, and edge strategy, the advantages of cloud governance can now be expanded beyond the cloud. You can combine Azure Arc with Azure Policy, Azure Blueprints, and other governance tools. The combination extends many of your governance guardrails to virtually any cloud resource, private or public clouds alike. Unified operations is the best concept to extend your governance controls by using native Azure tools.
Deploy a unified operations MVP for governance
Well-defined governance starts with sound resource consistency practices. Organizing resources, resource groups, subscriptions, and management groups allows for ease of governance. Expand your cloud governance practices with a few steps:
- Add a tag for
hosting platformto all hybrid, multicloud, and edge assets. - Tag resources from AWS, GCP, and so on.
- Query your resources to see where each is hosted.
To get started, inventory and tag your hybrid and multicloud resources.
After you establish your tagging standards and bring on some of your assets, you can begin governing those resources by using familiar governance tools like Azure Policy. To assign policies to your hybrid and multicloud resources, see the recommended practices on managing Azure Arc enabled servers with Azure Policy.
Governance disciplines
With a basic understanding of unified operations and Azure Arc, you can extend your disciplines of cloud governance to deployments hosted outside of your Azure environments.
Security baselines are among the most common ways that you can expand your governance disciplines in a unified operations scenario. The following best practices will help preserve your security baseline across all environments:
- Collect and detect security data across clouds with Microsoft Defender for Cloud
- Investigate and respond to security threats with Microsoft Sentinel
- Connect AWS accounts to Microsoft Defender for Cloud
- Connect GCP accounts to Microsoft Defender for Cloud
Next steps
For more guidance for your cloud adoption journey, see the following article:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for