Wednesday, September 26, 2018

What is an Azure Blueprint?

Over the past year or so, Azure has made a bunch of progress in helping customers manage their Azure environments better.  All of these concepts fit into the area of "Azure Governance" and include things like Azure management groups and Azure Policy.

At Ignite, another feature in the Azure governance toolset was released into preview, and that is Azure Blueprint.  So, what exactly is Azure Blueprint?

I've helped quite a few customers create Azure subscriptions from scratch.  Contrary to the marketing material, setting up an Azure subscription and ensuring that it is secure and compliant by default is no easy feat.  Some examples of initial tasks include:

- Setting up appropriate RBAC permissions
- Planning for shared services
- Establishing a resource group layout
- Planning for networking, hybrid connectivity, etc.
- Establishing a tagging strategy, for billing or otherwise
- Planning for the number of subscriptions
- ... and much more

In the past, I would use a combination of tools for this job, which generally involved the portal, command line (read: scripting), ARM templates, and Visio.  Because what architecture would be complete without some Visio?

Azure Blueprint is the culmination of a bunch of work designed to make creating subscriptions easier.  From the documentation:

> Blueprints is designed to help with environment setup, which often consists of a set of resource groups, policies, and role assignments, in addition to Resource Manager template deployments.

So, Blueprints consist of the following types of documents:

- ARM Templates (still the basis for everything)
- Resource Groups (ARM templates are still applied to a resource group)
- Policy (How security/compliance/governance teams can apply general rules to follow and/or enforce)
- Role Assignments (RBAC is still important)

Effectively, most operations that one would normally conduct during initial account setup can now be completely scripted and applied to multiple subscriptions in a management group hierarchy. To a certain degree, Azure Blueprints could even replace some of the planning components by codifying best practices into templates that are easy to distribute.
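Because a blueprint codifies RBAC and policy for every subscription it is assigned to, it is worth reviewing the artifacts before publishing. The following is an added example, not code from this post or from Microsoft: a small pre-publish check over a constructed blueprint draft. It assumes the artifact JSON uses the `kind`, `resourceGroup`, `roleDefinitionId` and `principalIds` fields of the Blueprints REST API; the artifact names, parameter names and the `review` function are hypothetical.

```python
OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"        # built-in Owner role GUID
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"  # built-in Contributor role GUID
ROLE = "/providers/Microsoft.Authorization/roleDefinitions/"

# Constructed sample blueprint: declares one resource group placeholder.
BLUEPRINT = {"properties": {"targetScope": "subscription",
                            "resourceGroups": {"networkRG": {}}}}

# Constructed sample artifacts, keyed by a hypothetical artifact name.
ARTIFACTS = {
    "tag-policy": {"kind": "policyAssignment", "properties": {
        "policyDefinitionId": "<policy-definition-id-placeholder>"}},
    "hub-vnet": {"kind": "template", "properties": {
        "resourceGroup": "networkRG", "template": {}}},
    "net-admins": {"kind": "roleAssignment", "properties": {
        "resourceGroup": "networkRG", "roleDefinitionId": ROLE + CONTRIBUTOR,
        "principalIds": "[parameters('netAdmins')]"}},
    "ops-owner": {"kind": "roleAssignment", "properties": {
        "roleDefinitionId": ROLE + OWNER,
        "principalIds": "[parameters('opsTeam')]"}},
    "app-storage": {"kind": "template", "properties": {
        "resourceGroup": "appRG", "template": {}}},
}


def review(blueprint, artifacts):
    """Return sorted (artifact, finding) pairs for a blueprint draft."""
    declared = set(blueprint["properties"].get("resourceGroups", {}))
    findings, kinds = [], set()
    for name, artifact in artifacts.items():
        props = artifact.get("properties", {})
        kinds.add(artifact.get("kind"))
        rg = props.get("resourceGroup")
        # An artifact may only target a resource group the blueprint declares.
        if rg is not None and rg not in declared:
            findings.append((name, f"undeclared resource group: {rg}"))
        # A role assignment with no resourceGroup applies to the whole subscription.
        if artifact.get("kind") == "roleAssignment" and rg is None:
            role = props.get("roleDefinitionId", "").rsplit("/", 1)[-1].lower()
            if role == OWNER:
                findings.append((name, "Owner granted at subscription scope"))
    # A blueprint with no policy artifact enforces nothing after deployment.
    if "policyAssignment" not in kinds:
        findings.append(("(blueprint)", "no policy assignment artifact"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in review(BLUEPRINT, ARTIFACTS):
        print(f"{name}: {finding}")
```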

I am hoping to spend some time working with Azure Blueprints over the next few weeks. If you are interested in finding out more, here is the official documentation:

https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
