The Azure Governance Wheel is used in subscriptions to apply the organization's governance principles to each environment. Although subscriptions offer billing separation and are generally a security boundary, it is possible to enable private communication between virtual networks in different subscriptions using VNet Peering. Based on these findings, the following escalation paths could be a potential scenario if organizations assigned EA portal roles to less privileged administrative accounts (e.g. licensing or purchasing services):

Microsoft introduced a new Microsoft Customer Agreement (MCA) last year. Some organizations have already been converted to this model and others are migrating as part of the EA extension or expiry. Direct purchasing channels to Microsoft and the use of the Azure portal instead of the EA portal are some of the big differences in managing the MCA (compared to EA). This article focuses heavily on EA management and may also cover some aspects related to migration to, or management of, the MCA.

You can speed up the process if you have the new Azure account administrator log in with their account; they will be asked to confirm, with a warning. If the new Azure account administrator has other subscriptions elsewhere, e.g. Pay-As-You-Go, these will all be transferred under the EA at that time, including all invoices for the Azure subscription, so be careful! If the new Azure account administrator doesn't manage Azure subscriptions, you don't have to worry about the warning. For more information on activating your registration, creating a department or subscription, adding administrators and account owners, and other administrative tasks, visit the Azure EA website.

The Microsoft Enterprise Agreement offers organizations with 500 users or devices or more the best benefits. It is a managed volume licensing program that offers the flexibility to purchase cloud services and software licenses as part of an agreement. Today, the Azure portal is also used to manage the costs of corporate subscriptions. The original EA portal was designed for most account and financial aspects of the company's registration.

Image source: Microsoft Security Compass Workshop

This behavior is by design, and you should be aware that it could bypass your existing security approaches (Azure PIM roles and/or roles assigned via security groups). Choose carefully every user who is assigned direct permission to manage the MAAs of your Azure workloads. In this case, I prefer to use the analogy with the Active Directory administrative tier model: EA account owners have access to all your assets in Azure Resources. This may also be a direct escalation path to high privileges (similar to Tier 0), especially if you run AD DS domain controllers as virtual machines, or other IAM-related resources/workloads (e.g. Key Vault), in the relevant subscriptions.

With the growing acceptance of public and hybrid cloud options within the company, organizations of all sizes are considering Microsoft Azure for their cloud-based workloads. The cloud creates new paradigms for technologies that support business goals.

These new paradigms are changing the way technologies are adopted, managed and governed. If entire data centers can be virtually torn down and recreated using a line of code executed by an unmonitored process, we need to rethink traditional approaches. This is especially true for governance. Applying sound governance practices to Azure is essential to maintaining control over access, cost management and resource organization. This need applies to organizations from SMEs to large companies.

