How to use this Outline

• You are new to a corporate Azure environment or tenant as a new hire or consultant and need to get an a good breadth of understanding so you are in a position to support, build, design and solution in this Azure environment.
• This outline serves as a checklist, not exhaustive, but based on my general experience on what I look for.
• This is to keep it light and any terms or resources that are vague or foreign to you, I suggest you simply search in the Microsoft Docs for further explanation.

This is not an exhaustive list of fundamentals but a starting point to look at resources and settings and understand the current state, setup and the degree of best practices being implemented.

Azure AD

• Domain
• AD sync to on-premises AD server
• Number of users
• Number of AD groups. Types of AD groups
• Conditional access policies
• Roles are applied to which user and group
• Who has global admin role
• How are devices managed
• Azure AD license tier/plan

Azure Management Groups

• Management group for a LOB or core platform.
• An established hierarchy of management groups

Azure subscriptions

• Which management groups are contained within them
• What is the purpose of existing for future azure subscriptions
• What are environments are they designated for? Dev, test, prod?
• Subscriptions are a level for billing and cost management, who managed and monitors the costs and invoices?
• What RBAC is applied

Azure Resource Groups

• What is purpose of each RG and under which subscriptions
• Naming conventions if any

Resource Tagging

• Tags applied to Azure resources
• Recommended ones are created by, created date, owner, environment, cost center.

Virtual networking

• What is the network topology of VNETs
• Hybrid networking such as site to site vpn and/or Expressroute with on-premises or other cloud
• Load balancers, App gateway, Firewall appliances, Azure Front Door, Azure Traffic Manager
• Virtual network gateways
• Network security groups
• Region of VNets

IaaS resources

• VMs
  • Sizing
  • Regions
  • Vnet/subnet
  • OS
  • Software installed
• Disk and storage
• SQL Server on VM
• Any migrated from on-premises?
• and much more

PaaS web apps

• Azure app service
• Azure functions
• Logic apps
• Azure Container Services
• And many more.

Data

• Azure SQL Server
• Connectivity to Azure SQL – private endpoint, default, service endpoint
• Databases in Azure SQL Server
• Storage Accounts, Azure Data Lake
• Databricks, Azure Synapse, Azure Data Factory

Security Controls

• Network security groups on subnets and VM NICs
• Role based access
• Azure Defender for vulnerability and threat protection
• Network firewall in a VM or Azure Firewall (managed service)
• Azure policy
• Network controls with inbound and outbound traffic
• Data encryption
• Applied Security Benchmarks

Monitoring

• Azure monitor and alerts
• Log analytics workspace to ingest logs from azure resources
  • Queries to analyze logs and establish alerts

Devops Automation

• ARM templates, Terraform or Azure Bicip for repeatable and reusable provisioning of azure resources in following standards.
• Azure Devops (or similar) for pipelines

Governance

• Roles and responsibilities related to the operations and strategy of the Azure environment
• Defining process for continuous improvement
• Role based access
• Management groups and subscriptions and resource groups
• Resource Tagging
• Azure Policy
• Infrastructure as Code practices
• Security controls

Business Continuity

• Backups
• High availability
• Disaster recovery

Final Remarks

Hope this is serves as an initial guide when logging into the the Azure Portal of a new organization, where given read access, to traverse through and get an understanding of their environment to support your objectives.