Lab 21 – Azure Governance & Policy Management

This lab introduces Azure governance fundamentals. You’ll create management groups, apply resource locks, and configure Azure Policy to enforce compliance across your cloud environment.

• Outcome 1: Management groups created and structured.
• Outcome 2: Resource locks applied to critical assets.
• Outcome 3: Azure Policy configured for compliance enforcement.
• Outcome 4: Governance dashboard validated.

• DL21.1: Management group hierarchy created.
• DL21.2: Resource locks applied to production resources.
• DL21.3: Azure Policy definitions assigned.
• DL21.4: Compliance dashboard validated.
• DL21.5: Documentation updated with screenshots and policy details.

1. In Azure Portal, navigate to Management Groups.
2. Create groups for:
   • Production
   • Development
   • Sandbox
3. Assign subscriptions to each group.
4. Document hierarchy and purpose.

1. Navigate to critical resources (VMs, storage accounts, network groups).
2. Apply Read‑Only or Delete locks.
3. Test lock enforcement by attempting modifications.
4. Document lock configuration.

1. Navigate to Azure Policy in the portal.
2. Create or assign built‑in policies:
   • Allowed locations
   • Allowed resource types
   • Tag enforcement
3. Assign policies to management groups.
4. Validate compliance results.

1. Open the Compliance Dashboard in Azure Policy.
2. Review non‑compliant resources.
3. Remediate or document exceptions.
4. Capture screenshots for documentation.

• Governance: How management groups and policies enforce structure.
• Compliance: How Azure Policy ensures consistent standards.
• Protection: How resource locks prevent accidental changes.

With governance and policy management configured, you’re ready to secure identities and enforce conditional access in Week 22.