Cost Management
Costs incurred by renting Azure’s computing resources on demand are categorized as operating expenses (OpEx).
Cost before adopting Azure
Pricing calculator
Using the pricing calculator, you can get a rough idea of how much it will cost to set up resources in Azure.
TCO calculator
The TCO calculator is intended to assist you in comparing the expenses of running an on-premises infrastructure to an Azure Cloud environment.
Cost after adopting Azure
Cost Management tool
With the help of Cost Management, you can rapidly monitor Azure resource costs, set up alerts based on resource spend, and define budgets that can be used to automate resource management. In order to get a quick overview of your Azure expenditures, you can perform a cost analysis, which is a subset of Cost Management. With the help of cost analysis, you can rapidly see the overall cost in a number of different ways, such as by billing cycle, region, resource, etc.
Cost alerts: budget, credit limit, and spending quota alerts based on category or department.
Tags
Resource tags are another way to organize resources, in addition to resource groups. They help you keep track of your cloud spending by giving you visibility into your spending habits.
Metadata is additional information about your resources that can be provided through tags.
Tags are useful for: resource management, cost management and optimization, operations management, security, governance and regulatory compliance (ISO 27001), and workload optimization and automation.
By using Azure Policy, you can ensure that all tagging practices adhere to a set of established guidelines.
Example tags: Application name, Cost Center (cost associate), Owner, Environment, Teams, Partners, Projects
Azure Governance
Azure Blueprints: Azure Blueprints are use-case-based configuration templates, each a predefined set of configurations. They help firms adopt new architectures using best policies and practices.
Each component in the blueprint definition is known as an artifact.
The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription.
With Azure Blueprints, you can standardize the deployment of your cloud subscription or environment, which gives you simple ways and processes to keep control of your Azure applications and resources.
Instead of configuring Azure Policy for each new subscription, Azure Blueprints lets you specify repeatable settings and policies.
Role assignments: Allow for proper access to Azure’s resources.
Track and audit your deployments.
Policy assignments: Specify which Azure Policy will apply to your resources.
Azure Resource Manager templates: Allow adding Azure Resource Manager (ARM) templates.
Resource groups: Have the ability to manage Azure resources.
Blueprint definition: What should be deployed.
Blueprint assignment: What was deployed.
Azure Policy
How are you going to make sure that all of your resources continue to be compliant? Is it possible for you to receive an alert whenever there is a change in the configuration of a resource?
Enforcing corporate policies and performing compliance audits.
Azure Policies can be set on a resource, resource group, subscription, and more. Azure Policies are inherited, thus if you create a high-level policy, it will apply to all groupings within the parent. If you set an Azure Policy on a resource group, all resources generated within it will get that policy.
Azure Policy objects:
Policy definition: A policy definition describes the desired conditions. Built-in definitions can control what resources can be deployed and require tags on all resources.
Policy assignment: A policy assignment is the policy’s scope. Individual resources, resource groups, or management groups can be assigned as the scope. Children inherit policy assignments.
Policy parameters: Parameters reduce the number of policy definitions needed. For example, a parameter can define which VM SKUs to deploy.
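How inherited assignments and a required-tags parameter play out over a resource inventory, as an added example that is not part of the original notes. The subscription ID, resource names and assignment names are constructed, and the evaluator is a simplified model, not Azure Policy's own engine.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    name: str
    scope: str            # resource ID where the policy is assigned
    required_tags: tuple  # parameter: one definition reused with different tag names
    effect: str = "audit"

def in_scope(resource_id, scope):
    """True when resource_id is the scope itself or a child of it (inheritance)."""
    rid, sc = resource_id.lower().rstrip("/"), scope.lower().rstrip("/")
    return rid == sc or rid.startswith(sc + "/")  # the "/" stops rg-prod matching rg-production

def evaluate(resources, assignments):
    """Return one finding per (resource, assignment) that has missing tags."""
    findings = []
    for res in resources:
        # Tag names are compared case-insensitively; a blank value counts as missing
        # here, which is stricter than a pure existence check (assumption of this example).
        tags = {k.lower(): v for k, v in (res.get("tags") or {}).items()}
        for a in assignments:
            if not in_scope(res["id"], a.scope):
                continue
            missing = [t for t in a.required_tags if not (tags.get(t.lower()) or "").strip()]
            if missing:
                findings.append({"resource": res["id"], "assignment": a.name,
                                 "effect": a.effect, "missing": missing})
    return findings

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription
RESOURCES = [  # constructed sample inventory
    {"id": f"{SUB}/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/vm1",
     "tags": {"Owner": "alice", "CostCenter": "1001", "Environment": "prod"}},
    {"id": f"{SUB}/resourceGroups/rg-prod/providers/Microsoft.Storage/storageAccounts/st1",
     "tags": {"owner": "bob"}},
    {"id": f"{SUB}/resourceGroups/rg-dev/providers/Microsoft.Web/sites/app1", "tags": None},
    {"id": f"{SUB}/resourceGroups/rg-production/providers/Microsoft.Web/sites/app2",
     "tags": {"Owner": " "}},
]
ASSIGNMENTS = [
    Assignment("require-owner", SUB, ("Owner",)),  # subscription scope, inherited by all
    Assignment("require-cost-tags", f"{SUB}/resourceGroups/rg-prod",
               ("CostCenter", "Environment"), effect="deny"),  # one resource group only
]

if __name__ == "__main__":
    for finding in evaluate(RESOURCES, ASSIGNMENTS):
        print(finding)
```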
Azure Initiative
An Azure initiative is a bundle of Azure policy definitions with a specified intent. Azure initiatives simplify policy management by grouping policies together.
Ex: PCI-DSS compliance.
Initiative parameters simplify management by reducing redundancy. Initiative parameters are utilised in policy definitions.
Assignments
Assignments are policy definitions or initiatives with a particular scope.
Resource locks (resource locks are inherited)
As the name implies, locking resources keeps them from being unintentionally modified or removed.
ReadOnly: Authorized users can read a resource, but they can’t delete or change it. Using this lock is like limiting all authorized users to the permissions given by the Reader role.
Delete: Authorized users can still read and change a resource, but they can’t delete it.
How to delete?
To edit a locked resource, remove the lock. Once the lock is removed, you can execute any allowed action. Locking resources is independent of RBAC. You must remove the lock before performing the restricted operation, even if you own the resource.
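The lock rules above as a small decision model, added here as an example and not taken from the original notes. Scopes, resource names and role action sets are constructed, the lock names follow this page, and the strictest inherited lock is taken as the effective one.

```python
LEVELS = {"Delete": 1, "ReadOnly": 2}  # lock names as used on this page; higher is stricter

def in_scope(resource_id, scope):
    """True when resource_id is the scope itself or a child of it."""
    rid, sc = resource_id.lower().rstrip("/"), scope.lower().rstrip("/")
    return rid == sc or rid.startswith(sc + "/")

def effective_lock(resource_id, locks):
    """Strictest lock set on the resource or inherited from a parent scope, else None."""
    applied = [level for scope, level in locks if in_scope(resource_id, scope)]
    return max(applied, key=LEVELS.get, default=None)

def is_allowed(action, resource_id, locks, rbac_actions):
    """action is 'read', 'write' or 'delete'.

    RBAC and locks are checked independently: the role must grant the action
    AND no lock may block it, so even an owner is stopped by a lock.
    """
    if action not in rbac_actions:
        return False, "denied by RBAC"
    lock = effective_lock(resource_id, locks)
    if lock == "ReadOnly" and action in ("write", "delete"):
        return False, "blocked by ReadOnly lock"
    if lock == "Delete" and action == "delete":
        return False, "blocked by Delete lock"
    return True, "allowed"

# Constructed sample data
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription
RG = f"{SUB}/resourceGroups/rg-prod"
VM1 = f"{RG}/providers/Microsoft.Compute/virtualMachines/vm1"
ST1 = f"{RG}/providers/Microsoft.Storage/storageAccounts/st1"
LOCKS = [(RG, "Delete"), (VM1, "ReadOnly")]  # group-level lock plus a stricter one on vm1
OWNER = {"read", "write", "delete"}
READER = {"read"}

if __name__ == "__main__":
    for action, res in [("delete", ST1), ("write", ST1), ("write", VM1)]:
        print(action, res.rsplit("/", 1)[-1], is_allowed(action, res, LOCKS, OWNER))
    # With the locks removed, the same owner request goes through.
    print("delete vm1, no locks:", is_allowed("delete", VM1, [], OWNER))
```

In a real subscription a ReadOnly lock can also block operations that look like reads but are sent as POST requests, such as listing a storage account's keys.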
Service Trust portal ( Microsoft Trust Center )
Repository of information about Microsoft’s privacy, security, and compliance policies and procedures.
It describes Microsoft’s cloud service and customer data protection procedures and practices. To access some Service Trust Portal resources, log in using your Microsoft cloud services account (Azure Active Directory organization account).
Tools for Managing and Deploying Azure resources
- Azure portal: Web-based tool
- Azure PowerShell: Lets developers, DevOps, and IT professionals run commands called command-lets (cmdlets).
- Azure Command Line Interface (CLI): syntax of commands (Azure CLI is functionally equivalent to Azure PowerShell)
- Azure Cloud Shell: Browser-based shell tool (supports both Azure PowerShell and the Azure Command Line Interface (CLI))
- Azure Arc: Extends compliance and monitoring to your hybrid and multi-cloud configurations:
  - Servers
  - Kubernetes clusters
  - Azure data services
  - SQL Server
  - Virtual machines (preview)
- Azure Resource Manager: Management layer that provides the deployment and management service for Azure. (Authenticates and authorizes requests from any of the Azure tools, APIs, or SDKs.)
- ARM templates: Infrastructure as code for deploying Azure resources from JSON format.
Monitoring Tools
Azure Advisor (Azure Advisor helps you optimize the cloud.)
It provides recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.
- Reliability: Improve continuity.
- Security: Detect vulnerabilities and threats.
- Performance: Improve speed.
- Operational Excellence: Workflow efficiency, resource manageability, and deployment best practices.
- Costs: Reduce Azure spending.
Azure Service Health
Azure Status: Status of global Azure based on the list of affected Azure services on the Azure Status page.
Service Health: Service Health alerts will advise you of any potential disruptions to the Azure services and regions you use due to service outages, planned maintenance, or other events.
Resource Health: Focused on the health of your deployed Azure resources.
Azure Monitor
Azure Monitor collects, analyses, visualizes, and acts on resource data. Supports on-premises, and multi-cloud resources including virtual machines.
Azure Log Analytics : Edit, perform, and analyze Azure Monitor log queries.
Azure Monitor Alerts: Azure Monitor Alerts are an automated notification system that can keep you informed whenever Azure Monitor identifies a threshold being exceeded.
Application Insights: Application Insights, a component of Azure Monitor, monitors your web applications. Application agent is supported in C#.NET, VB.NET, Java, JavaScript, Node.js, and Python.
Microsoft Azure Security Center
Microsoft Azure Security Center is a set of tools for monitoring and managing cloud security in Microsoft Azure.
Azure security monitoring tools
Azure’s monitoring tools observe processes and detect abnormal behavior. These tools can indicate risks at different levels. Addressing concerns early in the operating lifecycle boosts security.
Microsoft Defender for Cloud: Provides enhanced threat prevention for cloud (whether Azure or not) and on-premises workloads.
Microsoft Sentinel: Advanced security analytics and threat intelligence tool (a security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution).
Azure DDoS Protection: Protects against distributed denial of service (DDoS) attacks.
Azure Rights Management (RMS): Protect files and emails across multiple devices.
Microsoft Purview Information Protection: Protect your sensitive data, including emails, documents, and other files, when you send them outside of your organization.
Azure Governance Visualizer: A PowerShell script that iterates through your Azure tenant’s Management Group hierarchy. It covers Azure Policy, RBAC, Blueprints, and much more, and shows your Azure governance implementation by connecting the dots. Mode: Microsoft Cloud Adoption Framework (CAF), Microsoft Well-Architected Framework (WAF)
PSRule for Azure: Ready-to-go validation and governance controls for Azure Infrastructure as Code (IaC).
Azure Compliance Manager
Compliance Manager is a workflow-based risk assessment tool in Microsoft Purview for managing cloud compliance in the Trust Portal. Compliance Manager helps you manage regulatory compliance as part of Microsoft 365 or Azure Active Directory (Azure AD).
Regulation assessment templates: GDPR, LGPD, CCPA, HIPAA-HITECH, ISO 27001, ISO 27018, and NIST
Ready to use assessments
Real-time compliance score
Azure – Microsoft Trust Center
The Trust Center shows how Microsoft handles security, privacy, compliance, and transparency in all cloud products and services.
The Trust Center is an incredible resource platform that includes in-depth information about the security, privacy, and compliance products, policies, features, and methods that are present on all Microsoft cloud products.