This article explains how to define and enforce governance rules in Azure using built-in tools like Azure Policy and Microsoft Defender for Cloud. Governance in Azure means setting up rules and controls that help you manage your cloud resources securely, efficiently, and in line with your goals. Whether you're working solo or running a small startup, these steps help you stay organized, avoid surprises, and build responsibly in the cloud.
Prerequisite: Create an Azure account. Startups: see if you qualify for Azure credits.
Establish governance policies
Setting clear rules helps you stay consistent and avoid mistakes as you build in the cloud. These rules guide how you use Azure and help you manage risks like overspending, misconfigurations, or security gaps.
Start by identifying risks that could affect your cloud setup. Think about what could go wrong, like deploying resources in the wrong region, using expensive services by accident, or missing security settings. Use the Assess cloud risks guide to explore common risks and decide which ones matter most to you.
Write down the rules you want to follow. Document your decisions so you can stick to them and share them with others if needed. This document might include things like which regions you should use, which services you want to avoid, or how you should tag resources. Use the Document governance policies guide to help structure your notes.
Enforce cloud governance
Once you've defined your governance rules, use Azure tools to apply them automatically. These tools help you stay consistent and catch issues early.
Use Azure Policy to enforce rules. Azure Policy is a free service that lets you define and apply rules across your Azure environment. These rules, called policies, can block certain actions or track them for review. Azure Policy supports four levels of scope:
| Policy scope | When to apply policies at this scope |
| --- | --- |
| Management group | Use this scope to apply policies across multiple subscriptions. |
| Subscription | Apply policies to all resources within a single subscription. |
| Resource group | Target a specific set of resources grouped together for a project or workload. |
| Resource | Apply policies to individual resources like a web app or storage account. |

Start with general policies. Use General built-in policies to:
- Require tags on resources and resource groups to help with tracking and organization.
- Limit which regions you deploy to so you can manage costs and performance.
- Disallow expensive resource types to avoid unexpected charges.
Apply policies. To apply a policy, follow the Assign a policy guide.
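The three general rules above can also be expressed as one custom policy definition, shown here as an added example that is not taken from the original article or from the built-in policy set. The parameter names, the tag name `owner`, the two regions, and the blocked resource type are constructed sample values.

```json
{
  "properties": {
    "displayName": "Example: required tag, allowed regions, blocked resource types",
    "description": "Added example with constructed defaults. Not a built-in policy definition.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit",
        "metadata": { "description": "Audit tracks violations for review; Deny blocks the request." }
      },
      "requiredTagName": {
        "type": "String",
        "defaultValue": "owner",
        "metadata": { "description": "Constructed sample tag name." }
      },
      "allowedLocations": {
        "type": "Array",
        "defaultValue": ["westeurope", "northeurope"],
        "metadata": { "description": "Constructed sample regions.", "strongType": "location" }
      },
      "disallowedResourceTypes": {
        "type": "Array",
        "defaultValue": ["Microsoft.Network/expressRouteCircuits"],
        "metadata": { "description": "Constructed sample of a resource type to keep out." }
      }
    },
    "policyRule": {
      "if": {
        "anyOf": [
          { "field": "[concat('tags[', parameters('requiredTagName'), ']')]", "exists": "false" },
          {
            "allOf": [
              { "field": "location", "notIn": "[parameters('allowedLocations')]" },
              { "field": "location", "notEquals": "global" }
            ]
          },
          { "field": "type", "in": "[parameters('disallowedResourceTypes')]" }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Because the mode is `Indexed`, only resource types that support tags and location are evaluated. Assigning it with the `Audit` effect first shows which deployments `Deny` would block before anything is actually refused.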
Use Microsoft Defender for Cloud to improve security. Microsoft Defender for Cloud helps you spot and fix security issues in your Azure setup. It includes free tools that show you what actions to take to protect your environment. You can also connect it to Microsoft Defender XDR for more advanced protection. To get started, follow the Connect Defender to your Azure subscription guide.
For more information, see Enforce cloud governance.