Check out the Building Privacy-Enhancing Cloud Workflows with Confidential Computing session with Ridwan Badmus

Greetings to all #Cloudmarathoners!

In this first week of October, we had an interesting session to explore privacy and confidential computing from an engineering perspective.

FOCUS OF THE SESSION

Our speaker focused on some hidden details of implementing Confidential Computing, namely how to leverage Trusted Execution Environments (TEEs) to build secure and privacy-conscious cloud workflows. Ridwan also emphasized aligning governance with privacy regulations, including strategies to ensure your cloud governance practices comply with evolving data privacy regulations.

In addition, he expanded the topic to optimizing cloud investments, exploring how enhanced data security and minimized compliance risks can optimize outputs from your cloud investments.

Thank you, Ridwan!

Ridwan Badmus is a lawyer and privacy engineer who is interested in helping customers. He has legal as well as engineering experience to help in these matters. Thus, feel free to connect with him on LinkedIn if you have any inquiries.

What is next?

If you would like to explore this topic further, you are encouraged to check the following resources:

Recorded Session

If you are intrigued to watch the entire session, then please visit the following YouTube link below on our Cloud Lunch and Learn channel.

Join our session with Radu Vunvulea – a Microsoft RD and MVP to learn about Cloud re(patriation) and Hybrid Cloud

Hello Cloud Marathoner friends!

This week we had a very informative session about the pros and cons of staying in the cloud or moving back from the cloud to your on-premises systems. Thus, if you are ready to learn about Cloud (re)patriation and Hybrid Cloud, this session is for you.

Why this topic?

As you might already know, the cloud has revolutionized how businesses operate, providing agility, efficiency, and scalability. However, in recent years, cloud repatriation has emerged as a trend in which businesses are moving data or workloads back to on-premises.

Meetup link > https://www.meetup.com/azuredublin/events/301133455/

Radu will tell us all about the pros and cons of cloud re(patriation) and hybrid cloud, including the hidden costs, in this session.

Thank you to the speaker

Radu Vunvulea is a technology enthusiast working as Group Head of Cloud Delivery for Endava. He has vast experience in different technologies and industries. Most of his time is spent working with the cloud, helping companies to innovate and finding solutions to their business problems.

He enjoys building bridges between people and helping others to grow. He shares his knowledge on his personal blog and at different events where he is invited as a speaker. In his spare time, he drives an IT community and he is also a Microsoft Regional Director and Microsoft Azure MVP.

Recorded Session

If you are intrigued to watch the entire session, then please visit the following YouTube link below on our Cloud Lunch and Learn channel.

Should you consider Azure 🚀 Blueprints for your new ⛅ projects ⁉ 🤔

Hello friends,

During my recent project engagement, I was checking on the status of Azure Blueprints – a service which is still in Preview. I was surprised and alerted by the note I saw on the documentation page. Namely, the service is scheduled to be deprecated.

What is Azure Blueprints (Preview)?

First things first, this is a service that we use in the governance of Azure resources. This preview service allows engineers and architects to sketch a project’s design parameters, by enabling cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.

What to do if you are using it?

No worries here. If you are already using this service, then plan to migrate your existing blueprint definitions and assignments to Template Specs and Deployment Stacks. Your existing Blueprint artifacts could be converted to ARM JSON templates or Bicep files used to define deployment stacks.

When is the deadline?

Well, all the Blueprints (Preview) will be deprecated on July 11, 2026. Thus, you should have enough time to make the transition to Template Specs and Deployment Stacks.

📌 Reference to Microsoft Learn page on this announcement.
📌 Reference to the LinkedIn post 👉 Should you consider Azure 🚀 Blueprints for your new ⛅ projects ⁉ 🤔

What is next?

Are there any other cloud services ⛅ that will be deprecated soon ⁉🤔
Please, share below in the 💬 comments section.

🔔 If you see any recommendations or suggestions to use Azure Blueprints on Microsoft Learn pages, please ping me back.

Thank you in advance 😉

What services could you use to apply Zero Trust 🚷 principles in your cloud environment ⁉ 🤔

Hello Cloud Marathoners!

We live in a rapidly evolving security landscape 🔐 🛡 with new challenges every day. Even after the pandemic, our work continues to be blended with remote work, and many organizations have enabled BYOD policies to increase people's productivity.

Growing landscape of cybersecurity attacks

Relaxed controls on IT assets have welcomed potential vulnerabilities, and attack surfaces have also expanded, adding layers of complexity for corporate IT teams tasked with defending and enabling organizational services.

Zero Trust model aligned services

The Zero Trust model offered by leading industry players like Microsoft provides comprehensive solutions to our security challenges. Let’s consider the services and their benefits listed below:

✅ Security Posture Management
It is enhanced with Azure Policy and Azure Blueprints by defining and enforcing compliance and control guardrails on Azure resources

✅ Identities
Are strengthened using Entra ID (aka, Azure AD) providing robust authentication and authorization.

✅ Endpoint Management
Services like Microsoft Intune and Entra ID Join manage the corporate and BYOD devices with strict compliance

✅ Web App protection
Azure Defender for Cloud & Azure Web Application Firewall (WAF) protect app services by using bleeding-edge security features

✅ Data security
Remains a top priority in transit and at rest, with advanced security features of Azure Storage services providing encrypted, reliable, and scalable solutions

✅ Infrastructure security
Secrets and certificates are protected with Azure Key Vault services and Microsoft Defender for Cloud offers comprehensive threat protection from day zero

✅ Network Security
Azure network services like Azure Firewall and Virtual Networks are ensuring traffic is secure and segmented

✅ Conditional Access & Controls
App and data access is guarded by Microsoft Defender for Cloud Apps and Conditional Access services by enforcing specific access controls and providing visibility of your SaaS app landscape to help protect your apps.

✅ Modern SIEM and SOAR solution
Azure Sentinel stands as a cloud-native solution that combines capabilities by centralizing threat detection and response.

In Summary

In summary, Microsoft Azure provides tools and services that are specifically designed to address the growing concerns about vulnerabilities that your IT and Security teams are tasked to deal with, by following Zero Trust principles.

[🖐 Credit] Microsoft Zero Trust & Conditional Access docs

Subscribe to the #cloudmarathoner LinkedIn #tag 👏👀
Stay tuned for more Cloud, Automation & Security-related posts.

Follow me 🎯 and become a #cloudmarathoner ⛅🏃‍♂️🏃‍♀️ – LET’S CONNECT

📌 Check out the LinkedIn post 👉 https://www.linkedin.com/posts/elkhanyusubov_cloudmarathoner-tag-cloudmarathoner-activity-7106249128782749696-4k0j #sharingiscaring ❤️

How could you easily create new pre-configured 🚀 Azure subscriptions that meet your organization’s specific needs ⁉ 🤔

Hello, dear #CloudMarathoner community!

If you have been helping your customers with the management of enterprise subscriptions and policies, then it is a pretty common need to automate the provisioning of those subscriptions in a controlled and secure manner.

The good news is that you don’t have to reinvent the wheel and do everything from scratch. The Microsoft team that is behind the Azure Landing Zones implementation has a good reference that could tremendously help you.

Microsoft Global Customer Success team

Have you ever checked the subscription vending IaC Modules from the Microsoft Global Customer Success team (the same team behind Azure Landing Zones)?

Subscription Vending IaC Modules

Well, if not, the Subscription Vending IaC Modules are available for you in two popular infrastructure-as-code (IaC) tools, Bicep and Terraform, and are designed to help you implement the best practices for subscription provisioning.

Why use these modules?

Using these modules, you can quickly and easily provision new Azure subscriptions that are pre-configured to meet your organization’s specific needs. The modules include parameters/variables for Role-Based Access Control, Networking, Tags, and more.

📌 Check out the Bicep 💪 Landing Zone vending module for Azure GitHub repo 👉 https://lnkd.in/dJRiK5yG

📌 Check out the Terraform landing zone vending module for Azure GitHub repo 👉 https://lnkd.in/dtndsfXr #sharingiscaring ❤️

In Summary

So, what is your preferred way to provision Azure subscriptions ⁉ 🤔
Please, share your feedback 💬 in the comments or in the following LinkedIn post.

Interview with the DynamicsSmartz

Hello Cloud Marathoner friends,

I had a great interaction with Kerry, Head of Marketing at DynamicsSmartz, a few weeks ago. I was offered the chance to share my technical insights into some of the Microsoft technologies and interesting trends in the Cloud and Security areas. As a Microsoft MVP in Azure, I was really excited to share my take on Cloud Security and Governance topics using this platform.

What is Microsoft Dynamics Influencer Insights?

This program provides a look at what Industry Experts and Influencers have to say about the partner benefits of pursuing Digital Transformation. It is also important to note that Microsoft MVPs usually provide technical insights freely for the community's benefit.

Insights on Cloud Security and Governance

There are multiple questions on Microsoft tech trends and opportunities that have been addressed in my interview. In addition, I also shared my success mantra, which you can check here.

Microsoft Dynamics Influencer insights with Elkhan Yusubov
Cloud Manager and Author, Elkhan Yusubov’s take on Cloud Security and Governance

Updated Publication

Today, on August 30th, I have been informed by DynamicsSmartz that my interview has been featured in “The Microsoft Partner Daily” publication. Thank you, Kerry, for notifying me and for the great job that you are doing.

Shared url of this publication

Conclusion

Please, let me know your take on my shared tech insights, and what would be the question you want to ask. As usual, please connect with me on @LinkedIn or @Twitter.

Study Guide for AZ-305: Part 1 – Design a Governance Solution

Hello friends,

As you might already know, a new AZ-305 exam for Azure Architects was officially released a few days ago!!!

I would like to take this opportunity to help all my students and followers with preparation for this important exam.

My plan is to create a blog post series that covers official and community learning materials in addition to the Microsoft Learn self-paced learning modules.

Table of content (blog series)

This exam is focused on designing cloud and hybrid solutions on Microsoft #Azure, and was made with #architects in mind 😏

A list of helpful reference materials that will complement your four Microsoft Learn AZ-305: XXX learning paths on the official learning site are screenshotted below for your reference 🙂

What is Cloud Governance?

Cloud Governance is a framework that guides how end users make use of cloud services by defining and creating policies to control costs, minimize security risks, improve efficiency and accelerate deployment. It’s imperative to have good cloud governance because it’s a foundational element of your cloud practice that provides the ability to scale and be successful.

In short, governance in Azure is one aspect of Azure Management. This includes the tasks and processes required to maintain your business applications and the resources that support them. Azure has many services and tools that work together to provide complete management.

What can you do with Azure Governance?

  • Enforce and audit your policies for any Azure service
  • Create compliant environments using Azure Blueprints, including resources, policies, and role-access controls
  • Ensure that you’re compliant with external regulations by using built-in compliance controls
  • Monitor spend and encourage accountability across your entire organization

The references below are taken from official Microsoft docs and focused on designing Azure governance solutions.

Build Enterprise Agile Azure Governance Foundation

Part 1: Design a governance solution

The references below are taken from official Microsoft docs and focused on designing Governance solutions in Azure. You could also find it helpful to check the Microsoft docs and learning paths with [Tutorials] below 🙂

This collection of links is gathered with a focus on the exam objectives of the AZ-305 certification exam.

How to protect your resource hierarchy
Cloud governance guides
What are Azure management groups
Azure subscription and service limits, quotas, and constraints
What is Azure Resource Manager
Lock resources to prevent unexpected changes
Use tags to organize your Azure resources and management hierarchy

Azure Policy
What is Azure Policy?
Azure Policy built-in policy definitions
Azure Policy built-in initiative definitions
What is Azure role-based access control (Azure RBAC)?
Organize and manage multiple Azure subscriptions
Recommended policies for Azure services
What are Azure management groups?
[Tutorial] Describe core Azure architectural components
[Tutorial] Microsoft Cloud Adoption Framework for Azure
Governance in the Microsoft Cloud Adoption Framework for Azure
Define your tagging strategy

Summary

Thank you for visiting the AZ-305 Study Guide and checking out Part 1 – Design a Governance Solution.

The next one will be Part 2: Design Authentication and Authorization Solutions.