Beginner’s Outline to Assessing an Azure Environment

How to use this Outline

  • Use it when you are new to a corporate Azure environment or tenant, as a new hire or consultant, and need a good breadth of understanding so that you are in a position to support, build and design solutions in this Azure environment.
  • This outline serves as a checklist. It is not exhaustive, but is based on my general experience of what I look for.
  • It is kept light; for any terms or resources that are vague or foreign to you, I suggest you simply search the Microsoft Docs for further explanation.

This is not an exhaustive list of fundamentals but a starting point to look at resources and settings and understand the current state, setup and the degree of best practices being implemented.

Azure AD

  • Domain
  • AD sync to on-premises AD server
  • Number of users
  • Number of AD groups. Types of AD groups
  • Conditional access policies
  • Which roles are applied to which users and groups
  • Who has global admin role
  • How are devices managed
  • Azure AD license tier/plan

Azure Management Groups

  • Management group for a LOB or core platform.
  • An established hierarchy of management groups

Azure subscriptions

  • Which management groups they are contained within
  • What is the purpose of existing and future Azure subscriptions
  • What environments are they designated for? Dev, test, prod?
  • Subscriptions are a level for billing and cost management; who manages and monitors the costs and invoices?
  • What RBAC is applied

Azure Resource Groups

  • What is the purpose of each RG, and under which subscription
  • Naming conventions if any

Resource Tagging

  • Tags applied to Azure resources
  • Recommended ones are created by, created date, owner, environment, cost center.
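
As an added example (not part of the original post), here is one way to check the recommended tags across a subscription with read access. The Python below audits resources in the shape of `az resource list -o json` output; the sample data is constructed, and the exact tag key spellings and the case/separator folding are assumptions.

```python
import json
import re

# Tags the post recommends; the exact key spellings are an assumption.
RECOMMENDED = ["created by", "created date", "owner", "environment", "cost center"]

# Constructed sample in the shape of `az resource list -o json` output.
SAMPLE = json.loads("""[
 {"name": "vm-app-01", "resourceGroup": "rg-app-prod",
  "type": "Microsoft.Compute/virtualMachines",
  "tags": {"CreatedBy": "jdoe", "created-date": "2023-01-10", "Owner": "app-team",
           "Environment": "prod", "Cost_Center": "1234"}},
 {"name": "stlogs01", "resourceGroup": "rg-shared",
  "type": "Microsoft.Storage/storageAccounts",
  "tags": {"owner": "", "environment": "dev"}},
 {"name": "vnet-hub", "resourceGroup": "rg-network",
  "type": "Microsoft.Network/virtualNetworks", "tags": null}
]""")

def norm(key):
    """Fold case and separators so 'Cost_Center', 'cost-center', 'CostCenter' match."""
    return re.sub(r"[\s_\-]+", "", key).lower()

def missing_tags(resource, required=RECOMMENDED):
    """Return required tags that are absent or have an empty value on one resource."""
    tags = resource.get("tags") or {}  # untagged resources report tags as null
    present = {norm(k) for k, v in tags.items() if str(v or "").strip()}
    return [t for t in required if norm(t) not in present]

def audit(resources, required=RECOMMENDED):
    """Map 'resourceGroup/name' -> missing tags, for non-compliant resources only."""
    report = {}
    for r in resources:
        gaps = missing_tags(r, required)
        if gaps:
            report[f"{r['resourceGroup']}/{r['name']}"] = gaps
    return report

def coverage(resources, required=RECOMMENDED):
    """Fraction of resources carrying each required tag with a non-empty value."""
    total = len(resources) or 1
    return {t: sum(t not in missing_tags(r, required) for r in resources) / total
            for t in required}

if __name__ == "__main__":
    for rid, gaps in audit(SAMPLE).items():
        print(f"{rid}: missing {', '.join(gaps)}")
    print(coverage(SAMPLE))
```

A tag with an empty value is counted as missing, since an empty owner or cost center gives no one to contact or charge.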

Virtual networking

  • What is the network topology of VNETs
  • Hybrid networking such as site-to-site VPN and/or ExpressRoute with on-premises or other cloud
  • Load balancers, App gateway, Firewall appliances, Azure Front Door, Azure Traffic Manager
  • Virtual network gateways
  • Network security groups
  • Region of VNets

IaaS resources

  • VMs
    • Sizing
    • Regions
    • Vnet/subnet
    • OS
    • Software installed
  • Disk and storage
  • SQL Server on VM
  • Any migrated from on-premises?
  • And much more

PaaS web apps

  • Azure app service
  • Azure functions
  • Logic apps
  • Azure Container Services
  • And many more.

Data

  • Azure SQL Server
  • Connectivity to Azure SQL – private endpoint, default, service endpoint
  • Databases in Azure SQL Server
  • Storage Accounts, Azure Data Lake
  • Databricks, Azure Synapse, Azure Data Factory

Security Controls

  • Network security groups on subnets and VM NICs
  • Role based access
  • Azure Defender for vulnerability and threat protection
  • Network firewall in a VM or Azure Firewall (managed service)
  • Azure policy
  • Network controls with inbound and outbound traffic
  • Data encryption
  • Applied Security Benchmarks

Monitoring

  • Azure Monitor and alerts
  • Log Analytics workspace to ingest logs from Azure resources
    • Queries to analyze logs and establish alerts

DevOps Automation

  • ARM templates, Terraform or Azure Bicep for repeatable and reusable provisioning of Azure resources following standards.
  • Azure DevOps (or similar) for pipelines

Governance

  • Roles and responsibilities related to the operations and strategy of the Azure environment
  • Defining process for continuous improvement
  • Role based access
  • Management groups and subscriptions and resource groups
  • Resource Tagging
  • Azure Policy
  • Infrastructure as Code practices
  • Security controls

Business Continuity

  • Backups
  • High availability
  • Disaster recovery

Final Remarks

I hope this serves as an initial guide when logging into the Azure Portal of a new organization where, given read access, you can traverse through and get an understanding of their environment to support your objectives.
