How to use this Outline
- You are new to a corporate Azure environment or tenant, as a new hire or consultant, and need to gain a good breadth of understanding so you are in a position to support, build, design and solution in this Azure environment.
- This outline serves as a checklist; it is not exhaustive, but it is based on my general experience of what I look for.
- It is kept light on purpose; for any terms or resources that are vague or foreign to you, I suggest simply searching the Microsoft Docs for further explanation.
This is not an exhaustive list of fundamentals but a starting point for looking at resources and settings and understanding the current state, the setup and the degree to which best practices are being implemented.
Azure Active Directory
- AD sync to the on-premises AD server
- Number of users
- Number and types of AD groups
- Conditional access policies
- Which roles are applied to which users and groups
- Who holds the Global Administrator role
- How devices are managed
- Azure AD license tier/plan
Azure Management Groups
- Management group for a LOB or core platform.
- An established hierarchy of management groups
- Which management groups are contained within them
Azure Subscriptions
- What is the purpose of the existing and any future Azure subscriptions
- Which environments are they designated for? Dev, test, prod?
- Subscriptions are the level for billing and cost management; who manages and monitors the costs and invoices?
- What RBAC is applied
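To answer "which roles are applied to which users and groups" and "what RBAC is applied" at management-group and subscription level without clicking through every scope in the portal, export the assignments once with `az role assignment list --all --include-inherited -o json` and review the file offline. The script below is an added example, not part of the original outline; it assumes the field names the Azure CLI emits (`principalName`, `principalType`, `roleDefinitionName`, `scope`) and works on a constructed sample when no file is given. Azure AD directory roles such as Global Administrator are not in this output; they are reviewed separately in Azure AD.

```python
"""Summarize Azure RBAC assignments exported with
`az role assignment list --all --include-inherited -o json`.

Added example (not from the original outline). It classifies each
assignment's scope (management group, subscription, resource group,
resource) and reports privileged built-in roles held at broad scope,
highlighting grants made directly to a user rather than to a group.
The sample data below is constructed; names and ids are made up.
"""
import json
import sys
from collections import defaultdict

PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
BROAD_SCOPES = {"managementGroup", "subscription"}


def scope_level(scope):
    """Classify an ARM scope string by how much of the estate it covers."""
    s = scope.lower()
    if s.startswith("/providers/microsoft.management/managementgroups/"):
        return "managementGroup"
    parts = [p for p in s.split("/") if p]
    if parts[:1] != ["subscriptions"]:
        return "other"
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resourceGroup"
    return "resource"


def privileged_findings(assignments):
    """Privileged built-in roles held at management-group or subscription scope."""
    out = []
    for a in assignments:
        level = scope_level(a["scope"])
        if a["roleDefinitionName"] in PRIVILEGED_ROLES and level in BROAD_SCOPES:
            out.append({
                "principal": a.get("principalName") or a["principalId"],
                "principalType": a.get("principalType", "Unknown"),
                "role": a["roleDefinitionName"],
                "level": level,
                "scope": a["scope"],
                # a user holding Owner directly bypasses group-based access review
                "direct_user": a.get("principalType") == "User",
            })
    # direct user grants first, then by role and principal name
    return sorted(out, key=lambda f: (not f["direct_user"], f["role"], f["principal"]))


def role_matrix(assignments):
    """Who holds what: {role: {principalType: count}} across all assignments."""
    matrix = defaultdict(lambda: defaultdict(int))
    for a in assignments:
        matrix[a["roleDefinitionName"]][a.get("principalType", "Unknown")] += 1
    return {role: dict(types) for role, types in matrix.items()}


# Constructed sample in the shape of the CLI output (subscription id and names are made up).
SUB = "/subscriptions/11111111-1111-1111-1111-111111111111"
SAMPLE_ASSIGNMENTS = [
    {"principalName": "platform-admins", "principalType": "Group", "principalId": "g-1",
     "roleDefinitionName": "Owner", "scope": "/providers/Microsoft.Management/managementGroups/mg-corp"},
    {"principalName": "bob@contoso.example", "principalType": "User", "principalId": "u-1",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "deploy-sp", "principalType": "ServicePrincipal", "principalId": "sp-1",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app-prod"},
    {"principalName": "dana@contoso.example", "principalType": "User", "principalId": "u-2",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "dev-team", "principalType": "Group", "principalId": "g-2",
     "roleDefinitionName": "Contributor", "scope": SUB},
]

if __name__ == "__main__":
    assignments = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_ASSIGNMENTS
    for f in privileged_findings(assignments):
        flag = "DIRECT USER" if f["direct_user"] else "group/SP"
        print(f"{f['role']:<26} {f['level']:<16} {f['principal']:<28} [{flag}] {f['scope']}")
    print(json.dumps(role_matrix(assignments), indent=2))
```

Read access (Reader at the root management group) is enough to export the assignments, which matches the situation the outline describes: you are given read access and need to understand the estate before proposing changes.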
Azure Resource Groups
- What is the purpose of each RG, and under which subscription does it sit
- Naming conventions, if any
- Tags applied to Azure resources
- Recommended ones are: created by, created date, owner, environment, cost center.
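A quick way to measure how consistently the recommended tags are applied is to export the inventory with `az resource list -o json` and check every resource against the required set. This is an added example and not part of the original outline; the tag key names are an assumption based on the list above (adjust them to the organization's standard), and keys are compared case-insensitively because Azure keeps tag names in whatever casing they were first created with.

```python
"""Tag-compliance check over `az resource list -o json` output.

Added example (not from the original outline). Reports, per resource,
which of the recommended tags are missing or empty, and rolls the
result up per resource group so the gaps can be raised with the
right owners. Runs on the constructed sample below when no file path
is given on the command line.
"""
import json
import sys

# Recommended tags from the checklist; the exact key spelling is an assumption.
REQUIRED_TAGS = ("createdBy", "createdDate", "owner", "environment", "costCenter")


def missing_tags(resource, required=REQUIRED_TAGS):
    """Return the required tag keys that are absent or empty on one resource."""
    tags = {k.lower(): (v or "").strip() for k, v in (resource.get("tags") or {}).items()}
    return [t for t in required if not tags.get(t.lower())]


def check_tags(resources, required=REQUIRED_TAGS):
    """Map resource id -> list of missing tags, for non-compliant resources only."""
    report = {}
    for r in resources:
        gaps = missing_tags(r, required)
        if gaps:
            report[r["id"]] = gaps
    return report


def summarize_by_rg(report):
    """Count non-compliant resources per resource group, parsed from the resource id."""
    counts = {}
    for rid in report:
        parts = rid.split("/")
        # id shape: /subscriptions/<sub>/resourceGroups/<rg>/providers/<type>/<name>
        rg = parts[4] if len(parts) > 4 and parts[3].lower() == "resourcegroups" else "<unknown>"
        counts[rg] = counts.get(rg, 0) + 1
    return counts


# Constructed sample in the shape of `az resource list -o json` (subscription id and names are made up).
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_RESOURCES = [
    {"id": _SUB + "/resourceGroups/rg-app-prod/providers/Microsoft.Web/sites/app-prod-01",
     "name": "app-prod-01", "type": "Microsoft.Web/sites",
     "tags": {"CreatedBy": "alice", "createdDate": "2023-01-10", "Owner": "platform",
              "environment": "prod", "costCenter": "CC100"}},
    {"id": _SUB + "/resourceGroups/rg-app-prod/providers/Microsoft.Storage/storageAccounts/stappprod01",
     "name": "stappprod01", "type": "Microsoft.Storage/storageAccounts",
     "tags": {"environment": "prod", "owner": ""}},
    {"id": _SUB + "/resourceGroups/rg-sandbox/providers/Microsoft.Compute/virtualMachines/vm-test-01",
     "name": "vm-test-01", "type": "Microsoft.Compute/virtualMachines",
     "tags": None},
]

if __name__ == "__main__":
    resources = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_RESOURCES
    report = check_tags(resources)
    for rid, gaps in report.items():
        print(f"{rid}\n    missing: {', '.join(gaps)}")
    print("non-compliant per resource group:", summarize_by_rg(report))
```

Once the gaps are known, the same required-tag list is what an Azure Policy "require a tag" or "inherit a tag from the resource group" assignment would enforce going forward.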
Networking
- What is the network topology of the VNets
- Hybrid networking such as site-to-site VPN and/or ExpressRoute to on-premises or another cloud
- Load balancers, App Gateway, firewall appliances, Azure Front Door, Azure Traffic Manager
- Virtual network gateways
- Network security groups
- Region of the VNets
Virtual Machines
- Software installed
- Disk and storage
- SQL Server on VM
- Any migrated from on-premises?
- and much more
PaaS web apps
- Azure app service
- Azure functions
- Logic apps
- Azure Container Services
- And many more.
Azure SQL
- Azure SQL Server
- Connectivity to Azure SQL: private endpoint, default, or service endpoint
- Databases in Azure SQL Server
Data and Analytics
- Storage Accounts, Azure Data Lake
- Databricks, Azure Synapse, Azure Data Factory
Security
- Network security groups on subnets and VM NICs
- Role based access
- Azure Defender for vulnerability and threat protection
- Network firewall in a VM or Azure Firewall (managed service)
- Azure policy
- Network controls with inbound and outbound traffic
- Data encryption
- Applied Security Benchmarks
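Network security groups come up twice in this outline, under networking and again under security controls for inbound and outbound traffic, and the question in both places is the same: which inbound Allow rules are reachable from the Internet, and how wide are they? Export them with `az network nsg list -o json` and review offline. The script below is an added example, not part of the original outline; it assumes the CLI's field names (`securityRules`, `sourceAddressPrefix`/`sourceAddressPrefixes`, `destinationPortRange`/`destinationPortRanges`, `subnets`, `networkInterfaces`) and the built-in `_rule` helper only builds constructed sample data in that shape.

```python
"""Review NSG rules exported with `az network nsg list -o json` for
Internet-exposed inbound Allow rules.

Added example (not from the original outline). Only custom rules in
`securityRules` are examined (the platform's `defaultSecurityRules`
are skipped); for each inbound Allow rule whose source is any Internet
address it counts how many destination ports are opened and which
management or database ports are among them. Sample data is constructed.
"""
import json
import sys

# Source prefixes that mean "anyone on the Internet" for an inbound rule.
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0", "::/0"}
# Ports that deserve a closer look when exposed (management protocols, databases).
SENSITIVE_PORTS = {22: "SSH", 445: "SMB", 1433: "MSSQL", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}


def _prefixes(rule):
    """Collect the single and plural source-prefix fields (the CLI emits both keys)."""
    single = rule.get("sourceAddressPrefix")
    return ([single] if single else []) + list(rule.get("sourceAddressPrefixes") or [])


def _ports(rule):
    """Expand destination port fields ('*', '80', '1000-2000', or lists) to a set of ints."""
    raw = [rule["destinationPortRange"]] if rule.get("destinationPortRange") else []
    raw += rule.get("destinationPortRanges") or []
    ports = set()
    for item in raw:
        if item == "*":
            return set(range(0, 65536))
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def open_from_internet(rule):
    """True for an inbound Allow rule reachable from any Internet source."""
    if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
        return False
    return any(p.lower() in OPEN_SOURCES for p in _prefixes(rule))


def review_nsgs(nsgs):
    """Findings for every Internet-open inbound Allow rule, widest exposure first."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if not open_from_internet(rule):
                continue
            ports = _ports(rule)
            findings.append({
                "nsg": nsg["name"], "rule": rule["name"], "priority": rule["priority"],
                "port_count": len(ports),
                "sensitive": sorted(SENSITIVE_PORTS[p] for p in ports if p in SENSITIVE_PORTS),
                # an NSG attached to nothing is a finding of a different kind (dead config)
                "attached_to": len(nsg.get("subnets") or []) + len(nsg.get("networkInterfaces") or []),
            })
    return sorted(findings, key=lambda f: (-f["port_count"], f["priority"]))


def _rule(name, priority, access, source, ports, direction="Inbound"):
    """Build one rule dict with the keys the CLI emits (constructed sample data only)."""
    return {"name": name, "priority": priority, "direction": direction, "access": access,
            "protocol": "Tcp", "sourceAddressPrefix": source if isinstance(source, str) else None,
            "sourceAddressPrefixes": [] if isinstance(source, str) else list(source),
            "destinationPortRange": ports if isinstance(ports, str) else None,
            "destinationPortRanges": [] if isinstance(ports, str) else list(ports)}


# Constructed sample: two NSGs, names and attachments made up.
SAMPLE_NSGS = [
    {"name": "nsg-web", "subnets": [{"id": "snet-web"}], "networkInterfaces": [],
     "securityRules": [_rule("allow-https", 100, "Allow", "Internet", "443"),
                       _rule("allow-rdp-any", 200, "Allow", "*", "3389"),
                       _rule("deny-all-in", 4000, "Deny", "*", "*")]},
    {"name": "nsg-db", "subnets": [], "networkInterfaces": [{"id": "nic-db-01"}],
     "securityRules": [_rule("allow-vnet-sql", 100, "Allow", "VirtualNetwork", "1433"),
                       _rule("allow-mgmt-wide", 110, "Allow", ["0.0.0.0/0"], ["22", "1000-2000"])]},
]

if __name__ == "__main__":
    nsgs = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_NSGS
    for f in review_nsgs(nsgs):
        print(f"{f['nsg']}/{f['rule']} prio={f['priority']} ports={f['port_count']} "
              f"sensitive={f['sensitive'] or '-'} attached_to={f['attached_to']}")
```

The ordering matters when reporting: a rule opening a thousand ports to 0.0.0.0/0 is a bigger exposure than a single 443, even when the latter has the higher priority. Microsoft Defender for Cloud raises similar findings for management ports; this offline pass is useful on day one, before you know whether Defender is enabled and on which subscriptions.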
Monitoring
- Azure Monitor and alerts
- Log Analytics workspace to ingest logs from Azure resources
- Queries to analyze logs and establish alerts
Infrastructure as Code and DevOps
- ARM templates, Terraform or Azure Bicep for repeatable and reusable provisioning of Azure resources following standards.
- Azure Devops (or similar) for pipelines
Operations
- Roles and responsibilities related to the operations and strategy of the Azure environment
- Defining process for continuous improvement
Best practices to assess
- Role based access
- Management groups and subscriptions and resource groups
- Resource Tagging
- Azure Policy
- Infrastructure as Code practices
- Security controls
- High availability
- Disaster recovery
I hope this serves as an initial guide when logging into the Azure Portal of a new organization where you have been given read access, to traverse through it and gain an understanding of their environment in support of your objectives.