Skip to content
  • Blog
  • Events
  • Help
  • Careers
  • Contact
New Signature
  • About
      • Company

        New Signature has built a record of leadership by delivering exceptional technology and web solutions.

        View Company

      • Awards

        As a company, we are regularly recognized within the IT industry as well as the communities we serve.

        View All Awards
      • News

        Learn about the newest company announcements, technologies, and products at New Signature.

        View News

      • Partners

        New Signature works with a number of outstanding technology companies to deliver the best experiences to our customers.

        View Partners
      • Leadership

        New Signature's executive team includes proven leaders from the most innovative and fast-growing technology fields.

        View Leadership

      • Industries

        Our solutions are tailored to empower organizations across a wide range
        of industries.

        View Industry Experience
    Close
  • Solutions
      • Intelligent Enterprise
        Solutions

        Going Digital
        Unleash cloud capability, deliver change and compete at speed with a Microsoft digital operating model, enabling you to work more efficiently as you transform your IT environment. Learn More

      • Featured Solution

        Secure Cloud
        In a world of constant threat, ensuring that your underlying cloud platform is protected is the first step on your organization’s journey towards a secure, compliant operating environment. Learn More
      • Intelligent Workplace
        Solutions

      • Secure Workplace

        Work Anywhere

        Endpoint Health

        Identity Health

        Teamwork Support



        VIEW WORKPLACE SOLUTIONS
      • Intelligent Cloud
        Solutions

      • App Factory

        Azure Accelerator

        Azure Launchpad

        Azure Launchpad for DevOps

        Application Health

        Platform Health

        VIEW ClOUD SOLUTIONS
    Close
  • Services
      • Begin your journey towards becoming a digital business with NS:GO, our unique end-to-end framework based on the Microsoft Cloud Adoption Framework.

        NS:GO DIGITAL OPERATING MODEL
      • Intelligent Enterprise

      • Consulting

        We go beyond just technology to help your organization understand how digital can help you uniquely differentiate and better serve your employees and customers.

        VIEW ENTERPRISE SERVICES
      • Intelligent Workplace

        • Identity

          Identity is your new first-line-of-defense. It’s vital to your users and clients that your identity platform is properly configured and secured.

          Endpoint

          Whether your devices are on-premises or remote, personal or business-owned, we can ensure they are properly managed and protected.

          Teamwork

          Today’s workforce is collaborating than ever before.  We can empower your current teams with tomorrow’s progressive technologies.

          VIEW WORKPLACE SERVICES
        • Intelligent Cloud

          • Platform

            The cloud is no longer some future-state. It’s the here and now. Adopting a cloud-first platform is one of the best ways to maintain a future-proofed competitive advantage.

            Applications

            We build cloud-native apps and modernize legacy systems with the power of Azure to give your organization a competitive edge.

            Data

            We can help your organization create secure, scalable data platforms to deliver simpler and more sophisticated insights to your business.

            VIEW CLOUD SERVICES
        Close
      • Client Stories
          • Case Studies

            Browse a comprehensive list of companies who have created successful partnerships and experienced transformative solutions with New Signature.

            View All Case Studies

          • Featured Case Study TalkTalk Modern Workplace

            New Signature worked with TalkTalk to define a new Modern Workplace solution based on Microsoft 365, which kept the user firmly at the center of the transformation.
            View Case Study

          • Testimonials

            We love transforming our customers businesses, take a look at what they have to say about New Signature.

            View Testimonials

          • Featured Testimonial Davis Construction

            With New Signature’s help, Davis was able to take a progressive step forward by migrating their private branch exchange (PBX) phone system to a Voice of Internet Protocol (VoIP) system.
            View Testimonial

        Close
      • Technologies
        • Learn more about the technologies that power New Signature solutions View All Technologies


          • Advanced Threat Analytics
          • Azure Active Directory
          • Azure IoT Suite
          • Azure Site Recovery
          • Cortana Intelligence Suite
          • DocuSign
          • Dynamics 365
          • Employee Self Service
          • Enterprise Mobility Suite
          • Exchange
          • ExpressRoute
          • Hyper-V
          • Microsoft 365
          • Microsoft Azure
          • Microsoft Azure Stack
          • Microsoft Identity Manager
          • Microsoft Intune
          • Microsoft Phone System
          • Microsoft Project
          • Microsoft Teams
          • Nintex
          • Office 365
          • OneDrive for Business
          • Operations Management Suite
          • Power BI
          • SharePoint
          • Skype for Business
          • SQL Server
          • System Center
          • System Center Configuration Manager
          • Visual Studio
          • Windows 10
          • Windows Server
          • Xamarin
          • Yammer

        • New Signature Microsoft Azure

          New Signature has Microsoft-certified Azure experts and consultants who assess your business, develop the virtual machines that you need to meet your goals and streamline your operations through the cloud. Learn More

        • New Signature Microsoft Licensing

          A Microsoft environment is not complete and usable until the proper licensing has been purchased and activated for your organization. Learn More

        Close
      • Explore
          • Guides & Ebooks

            Dive deeper into education with your team by leveraging our expert-developed guides and eBooks.

            View All Guides & Ebooks

          • Infographics

            Rich with statistics and information, our infographics are great tools for quick but insightful learning.

            View All Infographics
          • Podcast: Office Explorers

            Join Kat and Rob monthly as they chat with New Signature experts and explore the world of O365.

            Listen to Podcasts

          • Videos

            Visit our videos stream to access recorded webinars, service information and to learn more about us.

            WATCH ALL VIDEOS
          • Flyers

            Searching for information about our services? Our flyers are a great takeaway for all those details.

            VIEW ALL FLYERS

          • Featured Stream

            Learn more about the tooling and expertise required to unlock productivity and mobilize your teams.

            MODERN WORKPLACE
        Close
        Close
      Blog

      The Five Disciplines of Cloud Governance – Resource Consistency

      New Signature / Blog / The Five Disciplines of Cloud Governance – Resource Consistency
      May 28, 2019May 21, 2019| Evan Riser
      • Facebook
      • Twitter
      • LinkedIn
      • Print

      In our recent webinar “Controlling Your Azure Environment: Governance for the Modern Enterprise” we touched on the five disciplines of cloud governance from Microsoft’s Cloud Adoption Framework. This blog post is the second in the “The Five Disciplines of Cloud Governance” five-part series expanding on those concepts. If you missed the first post in the series around Deployment Acceleration, check it out here.

      In this post we are going to dig a little deeper into the discipline of “Resource Consistency” and will explore the paradoxical relationship of policies and tags.

      In the Five Disciplines of Cloud Governance Microsoft explains that: “Cloud operations depends on consistency in resource configuration. Through governance tooling, resources can consistently be configured to manage risks related to on-boarding, drift, discoverability, and recovery.”

      Why is it important?

      By configuring, deploying and managing Azure resources in a consistent manner you limit your cloud deployment’s exposure to risk. When resources are deployed in a predictable manner, they are discoverable by IT operations preventing shadow IT, as well as sprawl.

      Without such controls in place the agility of the cloud becomes a liability as resources come in and out of existence without the operations team involvement and they may go unsupported which results in finger-pointing when something goes wrong or worse yet they create a security hole which exposes the whole organization to bad actors.

      The Policy and the Tag

      In considering which of the several tools available to address resource consistency in Azure to discuss I decided to dig deeper into the examples provided in the recent Controlling Your Azure Environment: Governance for the Modern Enterprise.

      In the webinar I touched on the following:

      Azure tags allow you to attributed key/value pairs to resources as an organizational tool. ​

      • Tags work in conjunction with policy where they can refine the scope of a policy. Likewise, policies can be used to enforce the use of tags. ​

      Resource Tags

      Tagging resources provides a way to describe what a resource is for, who is responsible for it, where it fits in a larger solution and other useful information about the resource.  Tags provide a handle against which you can filter resources in queries used for monitoring as well as billing and to target resources through policy.

      Because tags are an open name/value format they offer great flexibility however, this flexibility does not bode well for maintaining consistency.  When configuring tags from the portal you will see listed all of the names and associated values which have been applied in a subscription and should you add your own unique name/value pair it too will be listed for future consumption.  There is nothing to stop someone from adding “CreatedBy” when “Created by” already exists in the list. However, there are two mechanisms which can better shape the use of tags in Azure.

      The first mechanism for mitigating eventual tags chaos is to outline of use of tags including a working taxonomy in your cloud governance documentation. Then to affect the management of that taxonomy and employ the terms defined therein you would use the next item in our tool chain, policies.

      Policy

      Azure policy is one of the most powerful governance tools because it is the embodiment of governance itself. When you a define a policy in real world you are stating how something should be done and expecting a person to abide by it. In Azure, a policy is a technical configuration which controls resources and their existence by allowing or preventing parameters.

      Tag Enforcement Policy

      Implementing policies in Azure is a two-part process.

      1. Definition- First, the desired behavior must be written in javascript object notation (JSON) so that the Azure resource manager can understand it. This singular artifact is the policy, a collection of policies is called an initiative.
      2. Assignment- Second, the policy or initiative must be assigned to a scope to be used. The scope is defined at the subscription and resource group levels with the ability to further refine the scope through exclusion at the individual resource level.

      Definitions

      To create our policy, we must navigate to the “Policy” resource in the Azure Portal by searching for “policy” and selecting the associated service. From the Policy overview section, we are going to select “Definitions” under the Authoring section.

      Here we see listed all of the Built-in policies available out of the box.  By using the Search box located to the far-right of the toolbar we can filter the list to just those policies for tags.

      To achieve our goal of defining tags through policy, we’re going to work with the “Enforce tag and its value” policy.

      After clicking on the definition name, click “Duplication definition” to create a copy of this definition that we can modify. (Note: these built in definitions should be viewed as templates and not modified directly)

      BASICS

      In the first section of the form we will need to assign the following:

      • Definition location: the subscription to which the policy applies
      • Name: make sure this clearly and concisely explains the intent of the policy
      • Description: while not mandatory it is useful to provide details on the policies objective
      • Category: while not mandatory this will help make your policy discoverable for use by others

      POLICY RULE

      The policy rule section is the JSON code which the Azure resource manager will interpret to enforce the application of tags.

      The code block consists of the following:

      PolicyRule: this is where the condition of the policy is defined dictating the IF/Then

      • If– here the policy is looking for the presence in tag defined in Parameters in resources of type [virtual machines]
      • Then– here the “effect” of the condition not being met is to add or “append” the tag to the resources

      (Note: Here we are using the resource type to identify what resources this should be applied to, instead we could identify the resource by tag thus meeting the other scenario outlined in the webinar where policy is applied to resources based on tag.)

      In the example below I have modified the default code to reflect the logic outlined above.

      Parameters: In this section the criteria to be applied by the policy is defined. In our use case it is the tag and value.

      To constrain the “tagname” and “tagvalue” to specific terms, I have added the “allowedValues” property to limit the term(s) used.

      The only modifications that need to be made to the code are to the defaultValue, allowedValues, displayname and description for both the tagName and tagValue.

      Assignment

      Once the definition of a policy has been articulated we can assign it. From the Definitions section we need to navigate to the Assignments area by selecting “Assignments” under the Authoring section.

      Because we are only concerned with an individual policy and not a collection we are going to click “Assign policy” from the top navigation of the Assignments page.

      SCOPE

      In this first section we need to define the scope of the assignment. By default, the scope is an entire subscription, clicking on the ellipsis in the scope field gives the opportunity to refine the scope by resource group(s).

      Scope can be further refined by selecting resources for exclusion from the policy assignment by clicking the ellipsis in the Exclusions field.

      BASICS

      With the scope defined all that remains is to select the Policy definition you want associated to this assignment and give the assignment a name and description.

      Conclusion

      To further our understanding of resource consistency in Azure we have created a policy which enforces the use of a specific tag and value for a specific type of resource. In so doing we have seen how that tags can also be used to determine what resources would have a policy applied to them thus illustrating the recursive relationship between the two ideas.

      The next in our series on Cloud Adoption will be on Cost Management. If you’re interested in implementing Azure services, reach out to us here.

      Categories
      Tips and Tricks
      Contact New Signature

      Blog Posts

      • Cognizant Microsoft Business Group Achieves New Microsoft Advanced Specialization 
      • Azure Sentinel Workshop
      • How to Modernize Your Apps Securely in Azure – Webinar
      • Deploy Kubernetes on Azure, AWS and GCP with Terraform using Azure DevOps

      Events

      Thu 28

      Power Platform Series: Drive Organizational Productivity with Power Virtual Agents

      January 28 @ 10:00 am - 10:45 am EST
      Feb 16

      Cognizant’s Experience Lab for Continuous Testing with Azure

      February 16 @ 12:00 pm - 2:00 pm EST

      View More

      New Signature
      New Signature HQ
      901 K Street NW, Suite 450
      Washington, DC 20001
      Phone: 202-452-5923
      New Signature Canada HQ
      7th Floor, 5140 Yonge Street
      Toronto, ON M2N 7J8
      Phone: 416-971-4267
      New Signature UK HQ
      57 Bermondsey Street
      London SE1 3XJ
      Phone: +44 (0) 845-402-1752

      About

      • Company
      • Awards
      • News
      • Leadership
      • Partners
      • Industries

      Solutions

      • Intelligent Enterprise Solutions
      • Intelligent Workplace Solutions
      • Intelligent Cloud Solutions

      Services

      • GO
      • Intelligent Enterprise
      • Intelligent Workplace
      • Intelligent Cloud

      Client Stories

      • Client Stories
      • Testimonials

      Explore

      • Guides & Ebooks
      • Podcasts
      • Flyers
      • Infographics
      • Videos
      Copyright © 2021 New Signature
      • Blog
      • Events
      • Careers
      • Help
      • Anti Slavery
      • Privacy Policy
      • Contact
      • About
        • Company
        • Awards
        • News
        • Leadership
        • Partners
        • Industries
      • Services
        • GO
        • Intelligent Enterprise
        • Intelligent Workplace
        • Intelligent Cloud
      • Client Stories
        • Case Studies
        • Testimonials
      • Technologies
      • Explore
        • Guides & Ebooks
        • Infographics
        • Podcast: Office Explorers
        • Videos
        • Flyers
      • Blog
      • Events
      • Careers
      • Contact
      • Search
      Cookie Settings
      New Signature uses "Required Cookies" to run our website, "Functional Cookies" used by third parties to personalise marketing, including social media features.

      Change your preferences by clicking the “Cookie Settings” link at the bottom of every page. Learn more about cookies in our Cookie Policy and our Privacy Policy. By clicking the “Accept Cookies” button below, you consent to our use of cookies.

      Please note that “Required Cookies” will be set regardless of your consent.
      Cookie SettingsAccept Cookies
      Privacy & Cookies Policy
      Performance

      Performance Cookies provide Content Delivery Network assets that deliver faster site content delivery capabilities.

      Required

      These cookies are required mainly in order to deliver Multilanguage site capabilities.

      Functional

      Functional Cookies allow us to provided advanced media capabilities including videos, surveys and other multimedia capabilities.

      Disabling Functional cookies will block the playing of videos and other multimedia site components.

      Targeting

      Targeting Cookies are used to capture user information in order for New Signature to deliver better user experiences.

      Save & Accept