Part 1: Enterprise-Ready Cloud Workshop Outline

In this workshop and subsequent hands-on lab, you are working with a fictitious company to setup some best practices regarding policies, permissions, and managing their Azure subscriptions using advanced tooling such as Azure Blueprints. Tasks include creating scripts that Enterprise IT will use to automatically set policy and delegate permissions when a new subscription is created. You will also learn how to manage these policies and permissions for multiple subscriptions using Azure Management Groups and Azure Blueprints.
At the end of the hands-on lab, you will know how to provide cost tracking by business unit, environment and project, provide for a distributed administration model, put a service catalog in place to prevent deployment of unsupported Azure services, and put controls in place to allow deployment of services only in specific regions.

  • Example solution architecture
  • Create the policy for Enterprise IT
  • Labs
    • Task 1: Create a Management Group
    • Task 2: Apply the service catalog policy
    • Task 3: Restrict the creation of ExpressRoute circuits
    • Task 4: Restrict the creation of resources in regions
    • Task 5: Create and apply a naming convention
    • Task 6: Test the policies
  • Configure delegated permissions
  • Labs
    • Task 1: Create groups in Azure AD for delegation
    • Task 2: Create user accounts in Azure AD for delegation
    • Task 3: Enable a business unit administrator for the subscription
    • Task 4: Enable project-based delegation and chargeback with tags
  • Use Azure Blueprints to govern your Azure environment
    • Task 1: Create a new Azure Blueprint
    • Task 2: Publish a draft blueprint and assign it
    • Task 3: Update the Service catalog policy to allow blueprint assignments
    • Task 4: Assign a blueprint
    • Task 5: Verify blueprint assignment and resource creation
    • Task 6: Editing blueprints
    • Task 7: Verify compliance with Azure Policy