Governance Hierarchy Constructs

Policy

• Ability to create those guardrails that can block, audit, or remediate

• Rules -> actions that are assigned at a scope such an RG, resource, or subscription

• Inherited downwards

RBAC

• Role assignment

  • A security principal from AAD gets assigned a certain role

Budget

• Set a $ amount and a threshold

  • Could be % of budget or based on a forecast to predict what spend will be

The above 3 constructs can be used to govern your environment