Governance – Cloud Marathoner's Journey

Should you consider Azure 🚀 Blueprints for your new ⛅ projects ⁉ 🤔

Hello friends,

During my recent project engagement, I was checking on status of the Azure Blueprints – a service which is still in Preview. I was surprised and alerted with the note I saw on the documentation page. Namely, service is scheduled to be deprecated.

What is Azure Blueprints (Preview)?

First thing first, this is a service that we use in Governance of Azure resources. This preview service allows the engineers and architects to sketch a project’s design parameters, by enabling cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.

What to do if you are using it?

No worries here. If you already using this service, then plan to migrate your existing blueprint definitions and assignments to Template Specs and Deployment Stacks. Your existing Blueprint artifacts could be converted to ARM JSON templates or Bicep files used to define deployment stacks.

When is the deadline?

Well, all the Blueprints (Preview) will be deprecated on July 11, 2026. Thus, you should have enough time to make the transition to Template Specs and Deployment Stacks.

📌 Reference to Microsoft Learn page on this announcement.
📌 Reference to the LinkedIn post 👉 Should you consider Azure 🚀 Blueprints for your new ⛅ projects ⁉ 🤔

what is next?

Are there any other cloud services ⛅ that will be deprecated soon ⁉🤔
Please, share below in the 💬 comments section.

🔔 If you see any recommendations or suggestions to use Azure Blueprints on Microsoft Learn pages, please ping me back.

Thank you in advance 😉

What services you could use to apply Zero Trust 🚷 principles in your cloud environment ⁉ 🤔

Hello Cloud Marathoners!

We live in a rapidly evolving security landscape 🔐 🛡 with new challenges every day. Even after the pandemic, our work continues to be blended with remote work where many organizations enabled the BYOD policies to increase productivity of the people.

Growing landscape of cybersecurity attacks

Relaxed controls on IT assets, welcomed potential vulnerabilities, and attack surfaces are also expanded adding layers of complexity to corporate IT to perform their task to defend and enable organizational services.

Zero Trust model aligned services

Zero Trust model offered by leading industry players like Microsoft offers comprehensive solutions to our security challenges. Let’s consider those services and their benefits that are listed below:

✅ Security Posture Management
It is enhanced with Azure Policy and Azure Blueprints by defining and enforcing compliance and control guardrails on Azure resources

✅ Identities
Are strengthened using Entra ID (aka, Azure AD) providing robust authentication and authorization.

✅ Endpoint Management
Services like Microsoft Intune and Entra ID Join manage the corporate and BYOD devices with strict compliance

✅ Web App protection
Azure Defender for Cloud & Azure Web Application Firewall (WAF) protects app services by using bleeding-edge security features

✅ Data security
Remains top priority in transit and rest with advanced security features of Azure Storage services by providing encrypted, reliable, and scalable solutions

✅ Infrastructure security
Secrets and certificates are protected with Azure Key Vault services and Microsoft Defender for Cloud offers comprehensive threat protection from day zero

✅ Network Security
Azure network services like Azure Firewall and Virtual Networks are ensuring traffic is secure and segmented

✅ Conditional Access & Controls
App and data access is guarded by Microsoft Defender for Cloud Apps and Conditional Access services by enforcing specific access controls and providing visibility of your SaaS app landscape to help protect your apps.

✅ Modern SIEM and SOAR solution
The Azure Sentinel stands as a cloud-native solution that combines capabilities by centralizing threat detection and response.

In Summary

In summary, Microsoft Azure provides tools and services that are specifically designed to address growing concerns of vulnerabilities that your IT and Security team are tasked to deal with by following Zero Trust principles.

[🖐 Credit] Microsoft Zero Trust & Conditional Access docs

Subscribe to the #cloudmarathoner LinkedIn #tag 👏👀
Stay tuned for more Cloud, Automation & Security-related posts.

Fᴏʟʟᴏᴡ ᴍᴇ 🎯 ᴀɴᴅ become ᴀ #cloudmarathoner ⛅🏃‍♂️🏃‍♀️ – 𝐋𝐄𝐓’𝐒 𝐂𝐎𝐍𝐍𝐄𝐂𝐓

📌 Check out the LinkedIn post 👉 https://www.linkedin.com/posts/elkhanyusubov_cloudmarathoner-tag-cloudmarathoner-activity-7106249128782749696-4k0j #sharingiscaring ❤️

How could you easily create new pre-configured 🚀 Azure subscriptions that meet your organization’s specific needs ⁉ 🤔

Hello, dear #CloudMarathoner community!

If you have been implementing your customers with the management of enterprise subscriptions and policies, then it is a pretty common need to automate the provisioning of those subscriptions in a controlled and secure manner.

The good news is that you don’t have to reinvent the wheel and do everything from scratch. The Microsoft team that is behind the Azure Landing Zones implementation has a good reference that could tremendously help you.

Microsoft Global Customer Success team

Have you ever checked the subscription vending IaC Modules from the Microsoft Global Customer Success team (the same team behind Azure Landing Zones)?

Subscription Vending IaC Modules

Well, if not then Subscription Vending IaC Modules are available for you in two popular infrastructure-as-code (IaC) tools: Bicep and Terraform.
AND designed to help you implement the best practices for subscription provisioning.

Why use these modules?

Using these modules, you can quickly and easily provision new Azure subscriptions that are pre-configured to meet your organization’s specific needs. The modules include parameters/variables for Role-Based Access Control, Networking, Tags, and more.

📌 Check out the Bicep 💪 Landing Zone vending module for Azure a GitHub repo 👉 https://lnkd.in/dJRiK5yG

📌 Check out the Terraform landing zone vending module for Azure a GitHub repo 👉 https://lnkd.in/dtndsfXr #sharingiscaring ❤️

In Summary

So, what is your preferred way to provision Azure subscriptions ⁉ 🤔
Please, share your feedback 💬 in the comments or in the following LinkedIn post.

Interview with the DynamicsSmartz

Hello Cloud Marathoner friends,

I had a great interaction with Kerry, Head of Marketing at DynamicsSmartz few weeks ago. I was offered to share my technical insights into some of the Microsoft technologies and interesting trends in the Cloud and Security areas. As a Microsoft MVP in Azure, I was really excited to share my take on Cloud Security and Governance topics using this Platfrom.

what is Microsoft Dynamics Influencer Insights?

This program provides a look at what Industry Experts and Influencers have to say about the partner benefits of pursuing Digital Transformation. It is also important to note that Microsoft MVPs are usually providing the technical insights freely for the community benefit.

Insights on Cloud Security and Governance

There are multiple questions on Microsoft tech trends and opportunities that have been addressed in my interview. In addition, I also shared my success mantra that you could check it here.

Microsoft Dynamics Influencer insights with Elkhan Yusubov — **Cloud Manager and Author, Elkhan Yusubov’s take on Cloud Security and Governance**

Updated Publication

Today, on August 30th, I have been informed by DynamicsSmartz that my interview has been featured on “The Microsoft Partner Daily” publication. Thank you Kerry for notifying me and great job that you are doing.

Conclusion

Please, let me know your take on my shared tech insights, and what would be the question you want to ask. As usual, please connect with me on @LinkedIn or @Twitter.

Study Guide for AZ-305: Part 1 – Design a Governance Solution

Hello friends,

As you might already know, a new AZ-305 exam for Azure Architects has been officially released a few days ago!!!

I would like to take this opportunity and help all my students and followers with preparation for this important exam.

My plan is to create a blog post series that cover official and community learning materials in addition to the Microsoft Learn, self-paced learning modules.

Table of content (blog series)

*** Design Identity, Governance, and Monitoring Solutions ***
Part 1: Design a Governance solution
Part 2: Design Authentication and Authorization Solutions
Part 3: Design a solution to log and monitor Azure resources
*** Design Infrastructure Solutions ***
Part 4: Design a compute solution
Part 5: Design an application architecture solution
Part 6: Design a network infrastructure solution
Part 7: Design a migration solution
*** Design Data Storage Solutions ****
Part 8: Design a non-relational data storage solution
Part 9: Design a data storage solution for relational data
Part 10: Design a data integration solution
*** Design Business Continuity Solutions ***
Part 11: Design a solution for Business Continuity, backup and disaster recovery
Part 12: Design for high availability

This exam is focused on designing cloud and hybrid solutions on Microsoft #Azure, and was made with #architects in mind 😏

A list of helpful reference materials that will complement your four Microsoft Learn AZ-305: XXX learning paths on the official learning site are screenshotted below for your references 🙂

What is the Cloud Governance ?

The Cloud Governance is a framework that guides how end users make use of cloud services by defining and creating policies to control costs, minimize security risks, improve efficiency and accelerate deployment. It’s imperative to have good cloud governance because it’s a foundational element to your cloud practice that provides the ability to scale and be successful.

In short, the governance in Azure is one aspect of Azure Management. This includes the tasks and processes required to maintain your business applications and the resources that support them. Azure has many services and tools that work together to provide complete management.

What you can do with Azure Governance?

Enforce and audit your policies for any Azure service
Create compliant environments using Azure Blueprints, including resources, policies, and role-access controls
Ensure that you’re compliant with external regulations by using built-in compliance controls
Monitor spend and encourage accountability across your entire organization

The references below are taken from official Microsoft docs and focused on designing Azure governance solutions.

Build Enterprise Agile Azure Governance Foundation

Part 1: Design a governance solution

The references below are taken from official Microsoft docs and focused on designing Governance solutions in Azure. You could also find it helpful to check the Microsoft docs and learning paths with [Tutorials] below 🙂

This collection of links is gathered with a focus on the exam objectives of the AZ-305 certification exam.

How to protect your resource hierarchy
Cloud governance guides
What are Azure management groups
Azure subscription and service limits, quotas, and constraints
What is Azure Resource Manager
Lock resources to prevent unexpected changes
Use tags to organize your Azure resources and management hierarchy

Azure Policy
What is Azure Policy?
Azure Policy built-in policy definitions
Azure Policy built-in initiative definitions
What is Azure role-based access control (Azure RBAC)?
Organize and manage multiple Azure subscriptions
Recommended policies for Azure services
What are Azure management groups?
[Tutorial] Describe core Azure architectural components
[Tutorial] Microsoft Cloud Adoption Framework for Azure
Governance in the Microsoft Cloud Adoption Framework for Azure
Define your tagging strategy

Summary

Thank you for visiting the AZ-305 Study Guide and checking the Part 1 – Design a Governance solution.

The next one will be Part 2: Design Authentication and Authorization Solutions.