Sign up to save your podcasts
Or
Share Governance, Security, and Compliance in an Azure Enterprise Strategy
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Governance, Security, and Compliance in an Azure Enterprise Strategy
(00:00:00) Governance Beyond Documentation
(00:01:33) The Three Types of Governance Failure
(00:04:47) Governance by Design: The Deterministic Approach
(00:06:01) The Problem with Probabilistic Security
(00:08:25) Enterprise Landing Zones and Management Groups
(00:12:12) Subscription Strategy: Drawing Boundaries
(00:16:06) Role-Based Access Control and Privileged Identity Management
(00:24:23) Policy as Your Guardrail
(00:28:02) Initiatives and Exceptions in Governance
(00:32:36) Continuous Compliance and Cost Governance
Governance Isn’t Paperwork — It’s Control Most organizations think governance is documentation.
They are wrong. Documentation is what you write after the platform has already decided what it will allow. Governance is control: enforced intent at scale. Once you have dozens of teams and hundreds of subscriptions, your blast radius stops being “a bad deployment” and becomes “a bad operating model.” That’s when audits turn into emergencies, costs leak quietly for months, and security degrades into a collection of exceptions nobody owns. This episode is not a features walkthrough of Microsoft Azure. It’s the operating system: landing zones, management groups, RBAC with Privileged Identity Management, Azure Policy as real guardrails, and—most importantly—the feedback loops that keep governance from decaying into entropy. The Enterprise Failure Mode: When Drift Becomes Normal Most enterprises won’t admit this out loud: Governance rarely fails because controls are missing.
It fails because controls drift. Everything starts clean. There’s a baseline.
There’s a naming standard.
There’s a policy initiative.
There are “temporary” Owner assignments.
There’s a spreadsheet someone calls a RACI. Then the first exception request arrives. It’s reasonable.
It’s urgent.
It’s “just this one workload.” The platform team faces a false choice: block the business and be hated, or approve the exception and be pragmatic. Humans optimize for short-term conflict avoidance, so the exception is approved. That exception becomes an entropy generator. The fatal enterprise assumption is believing entropy generators clean themselves up. They don’t. Exceptions are rarely removed. Often they aren’t even tracked. Over time, the baseline stops being real. It becomes a historical suggestion surrounded by exemptions no one remembers approving. Three distinct failure modes get lumped together as “we need better governance”:
They chase compliance scores.
They write more documentation. None of that stops drift—because drift is not a knowledge problem. It’s a decision-distribution problem. Azure decision-making is inherently distributed. Portals, pipelines, service principals, managed identities—all generating thousands of micro-decisions per day: regions, SKUs, exposure, identity, logging, encryption, tags. If constraints aren’t enforced, you don’t have governance. You have opinions. Even good teams create chaos at scale. People rotate. Contractors appear. Deadlines compress. Local optimization wins. The platform becomes a museum of half-enforced intent. That’s why platform teams turn into ticket queues—not due to incompetence, but because the system is asking humans to act as the authorization engine for the entire enterprise. Audit season exposes the truth. Public access is “blocked,” except where it isn’t.
Secure Score looks “fine,” because inconvenient findings were waived.
Logging exists—just not consistently.
Costs can’t be allocated because tags were optional. Incidents are worse. Post-incident reviews don’t say “we lacked policy.”
They say “we didn’t realize this path existed.” That path exists because drift created it. Autonomy does not scale without boundaries.
Exceptions are not special cases—they are permanent forks unless designed to expire. The only sustainable fix is governance by design. Not meetings.
Not documentation.
Design. Governance by Design: Deterministic Guardrails vs Probabilistic Security Governance by design means the platform enforces intent—not people. In architectural terms, Azure governance is an authorization and compliance compiler sitting on top of the Azure control plane. Every action becomes a request. The only thing that matters is whether the platform accepts it. Most organizations answer that question socially: tickets, reviews, tribal knowledge. That model collapses under scale. The alternative is determinism. Deterministic governance doesn’t mean perfect—it means predictable. The same request yields the same outcome every time, regardless of who is deploying or how urgent it feels. That’s the difference between governance and governance theater. A deterministic guardrail looks like this:
The goal is safe autonomy. Azure doesn’t understand org charts. It understands rules. So the real design question is simple and brutal: What must always be true, and at what scope? Scope is where determinism is won or lost. Get it wrong, and you create either gridlock or drift. Which is why governance always starts with structure. Landing Zones and Management Groups: Where Scale Either Works or Doesn’t An enterprise landing zone is not a template.
It’s the set of preconditions that make every future workload boring. Identity boundaries.
Network boundaries.
Logging destinations.
Policy inheritance.
Ownership models. Most organizations do this backwards—migrating first, governing later. That’s how you build a city and argue about roads after people move in. The hierarchy is the enforcement surface. Azure Policy inherits down it.
RBAC inherits down it. If the hierarchy is messy, governance becomes archaeological work. The mistake is ornamental depth—management groups that mirror org charts instead of intent. Depth multiplies ambiguity. Breadth enables delegation. The governing principle is separation by risk intent:
Owner is not convenience. Owner is a breach multiplier. Separation of duties is non-negotiable:
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.
If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.
They are wrong. Documentation is what you write after the platform has already decided what it will allow. Governance is control: enforced intent at scale. Once you have dozens of teams and hundreds of subscriptions, your blast radius stops being “a bad deployment” and becomes “a bad operating model.” That’s when audits turn into emergencies, costs leak quietly for months, and security degrades into a collection of exceptions nobody owns. This episode is not a features walkthrough of Microsoft Azure. It’s the operating system: landing zones, management groups, RBAC with Privileged Identity Management, Azure Policy as real guardrails, and—most importantly—the feedback loops that keep governance from decaying into entropy. The Enterprise Failure Mode: When Drift Becomes Normal Most enterprises won’t admit this out loud: Governance rarely fails because controls are missing.
It fails because controls drift. Everything starts clean. There’s a baseline.
There’s a naming standard.
There’s a policy initiative.
There are “temporary” Owner assignments.
There’s a spreadsheet someone calls a RACI. Then the first exception request arrives. It’s reasonable.
It’s urgent.
It’s “just this one workload.” The platform team faces a false choice: block the business and be hated, or approve the exception and be pragmatic. Humans optimize for short-term conflict avoidance, so the exception is approved. That exception becomes an entropy generator. The fatal enterprise assumption is believing entropy generators clean themselves up. They don’t. Exceptions are rarely removed. Often they aren’t even tracked. Over time, the baseline stops being real. It becomes a historical suggestion surrounded by exemptions no one remembers approving. Three distinct failure modes get lumped together as “we need better governance”:
- Missing controls
You never built the guardrail. Immature, but fixable. - Drifting controls
The guardrail exists, but incremental deviations taught the organization how to route around it. - Conflicting controls
Multiple teams enforce their own “correct” baselines. Individually rational. Collectively chaotic.
They chase compliance scores.
They write more documentation. None of that stops drift—because drift is not a knowledge problem. It’s a decision-distribution problem. Azure decision-making is inherently distributed. Portals, pipelines, service principals, managed identities—all generating thousands of micro-decisions per day: regions, SKUs, exposure, identity, logging, encryption, tags. If constraints aren’t enforced, you don’t have governance. You have opinions. Even good teams create chaos at scale. People rotate. Contractors appear. Deadlines compress. Local optimization wins. The platform becomes a museum of half-enforced intent. That’s why platform teams turn into ticket queues—not due to incompetence, but because the system is asking humans to act as the authorization engine for the entire enterprise. Audit season exposes the truth. Public access is “blocked,” except where it isn’t.
Secure Score looks “fine,” because inconvenient findings were waived.
Logging exists—just not consistently.
Costs can’t be allocated because tags were optional. Incidents are worse. Post-incident reviews don’t say “we lacked policy.”
They say “we didn’t realize this path existed.” That path exists because drift created it. Autonomy does not scale without boundaries.
Exceptions are not special cases—they are permanent forks unless designed to expire. The only sustainable fix is governance by design. Not meetings.
Not documentation.
Design. Governance by Design: Deterministic Guardrails vs Probabilistic Security Governance by design means the platform enforces intent—not people. In architectural terms, Azure governance is an authorization and compliance compiler sitting on top of the Azure control plane. Every action becomes a request. The only thing that matters is whether the platform accepts it. Most organizations answer that question socially: tickets, reviews, tribal knowledge. That model collapses under scale. The alternative is determinism. Deterministic governance doesn’t mean perfect—it means predictable. The same request yields the same outcome every time, regardless of who is deploying or how urgent it feels. That’s the difference between governance and governance theater. A deterministic guardrail looks like this:
- Resources only deploy in approved regions
- Diagnostics go to known destinations
- Public exposure is denied unless explicitly designed
- Violations fail at deployment, not after reporting
- “Should be true unless…”
- Audit-only controls
- Optional tags
- Waivers everywhere
The goal is safe autonomy. Azure doesn’t understand org charts. It understands rules. So the real design question is simple and brutal: What must always be true, and at what scope? Scope is where determinism is won or lost. Get it wrong, and you create either gridlock or drift. Which is why governance always starts with structure. Landing Zones and Management Groups: Where Scale Either Works or Doesn’t An enterprise landing zone is not a template.
It’s the set of preconditions that make every future workload boring. Identity boundaries.
Network boundaries.
Logging destinations.
Policy inheritance.
Ownership models. Most organizations do this backwards—migrating first, governing later. That’s how you build a city and argue about roads after people move in. The hierarchy is the enforcement surface. Azure Policy inherits down it.
RBAC inherits down it. If the hierarchy is messy, governance becomes archaeological work. The mistake is ornamental depth—management groups that mirror org charts instead of intent. Depth multiplies ambiguity. Breadth enables delegation. The governing principle is separation by risk intent:
- Platform
- Production
- Non-production
- Sandbox
- Regulated
- Billing boundaries
- Security boundaries
- Policy inheritance boundaries
- Incident containment boundaries
- One massive subscription
- Per-team chaos subscriptions
- Ad-hoc creation with no vending model
- Who is accountable?
- What baseline applies?
- What access model is allowed?
- What is the acceptable blast radius?
Owner is not convenience. Owner is a breach multiplier. Separation of duties is non-negotiable:
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.
If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.
View all episodes
By Mirko Peters (Microsoft 365 consultant and trainer)(00:00:00) Governance Beyond Documentation
(00:01:33) The Three Types of Governance Failure
(00:04:47) Governance by Design: The Deterministic Approach
(00:06:01) The Problem with Probabilistic Security
(00:08:25) Enterprise Landing Zones and Management Groups
(00:12:12) Subscription Strategy: Drawing Boundaries
(00:16:06) Role-Based Access Control and Privileged Identity Management
(00:24:23) Policy as Your Guardrail
(00:28:02) Initiatives and Exceptions in Governance
(00:32:36) Continuous Compliance and Cost Governance
Governance Isn’t Paperwork — It’s Control Most organizations think governance is documentation.
They are wrong. Documentation is what you write after the platform has already decided what it will allow. Governance is control: enforced intent at scale. Once you have dozens of teams and hundreds of subscriptions, your blast radius stops being “a bad deployment” and becomes “a bad operating model.” That’s when audits turn into emergencies, costs leak quietly for months, and security degrades into a collection of exceptions nobody owns. This episode is not a features walkthrough of Microsoft Azure. It’s the operating system: landing zones, management groups, RBAC with Privileged Identity Management, Azure Policy as real guardrails, and—most importantly—the feedback loops that keep governance from decaying into entropy. The Enterprise Failure Mode: When Drift Becomes Normal Most enterprises won’t admit this out loud: Governance rarely fails because controls are missing.
It fails because controls drift. Everything starts clean. There’s a baseline.
There’s a naming standard.
There’s a policy initiative.
There are “temporary” Owner assignments.
There’s a spreadsheet someone calls a RACI. Then the first exception request arrives. It’s reasonable.
It’s urgent.
It’s “just this one workload.” The platform team faces a false choice: block the business and be hated, or approve the exception and be pragmatic. Humans optimize for short-term conflict avoidance, so the exception is approved. That exception becomes an entropy generator. The fatal enterprise assumption is believing entropy generators clean themselves up. They don’t. Exceptions are rarely removed. Often they aren’t even tracked. Over time, the baseline stops being real. It becomes a historical suggestion surrounded by exemptions no one remembers approving. Three distinct failure modes get lumped together as “we need better governance”:
They chase compliance scores.
They write more documentation. None of that stops drift—because drift is not a knowledge problem. It’s a decision-distribution problem. Azure decision-making is inherently distributed. Portals, pipelines, service principals, managed identities—all generating thousands of micro-decisions per day: regions, SKUs, exposure, identity, logging, encryption, tags. If constraints aren’t enforced, you don’t have governance. You have opinions. Even good teams create chaos at scale. People rotate. Contractors appear. Deadlines compress. Local optimization wins. The platform becomes a museum of half-enforced intent. That’s why platform teams turn into ticket queues—not due to incompetence, but because the system is asking humans to act as the authorization engine for the entire enterprise. Audit season exposes the truth. Public access is “blocked,” except where it isn’t.
Secure Score looks “fine,” because inconvenient findings were waived.
Logging exists—just not consistently.
Costs can’t be allocated because tags were optional. Incidents are worse. Post-incident reviews don’t say “we lacked policy.”
They say “we didn’t realize this path existed.” That path exists because drift created it. Autonomy does not scale without boundaries.
Exceptions are not special cases—they are permanent forks unless designed to expire. The only sustainable fix is governance by design. Not meetings.
Not documentation.
Design. Governance by Design: Deterministic Guardrails vs Probabilistic Security Governance by design means the platform enforces intent—not people. In architectural terms, Azure governance is an authorization and compliance compiler sitting on top of the Azure control plane. Every action becomes a request. The only thing that matters is whether the platform accepts it. Most organizations answer that question socially: tickets, reviews, tribal knowledge. That model collapses under scale. The alternative is determinism. Deterministic governance doesn’t mean perfect—it means predictable. The same request yields the same outcome every time, regardless of who is deploying or how urgent it feels. That’s the difference between governance and governance theater. A deterministic guardrail looks like this:
The goal is safe autonomy. Azure doesn’t understand org charts. It understands rules. So the real design question is simple and brutal: What must always be true, and at what scope? Scope is where determinism is won or lost. Get it wrong, and you create either gridlock or drift. Which is why governance always starts with structure. Landing Zones and Management Groups: Where Scale Either Works or Doesn’t An enterprise landing zone is not a template.
It’s the set of preconditions that make every future workload boring. Identity boundaries.
Network boundaries.
Logging destinations.
Policy inheritance.
Ownership models. Most organizations do this backwards—migrating first, governing later. That’s how you build a city and argue about roads after people move in. The hierarchy is the enforcement surface. Azure Policy inherits down it.
RBAC inherits down it. If the hierarchy is messy, governance becomes archaeological work. The mistake is ornamental depth—management groups that mirror org charts instead of intent. Depth multiplies ambiguity. Breadth enables delegation. The governing principle is separation by risk intent:
Owner is not convenience. Owner is a breach multiplier. Separation of duties is non-negotiable:
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.
If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.
They are wrong. Documentation is what you write after the platform has already decided what it will allow. Governance is control: enforced intent at scale. Once you have dozens of teams and hundreds of subscriptions, your blast radius stops being “a bad deployment” and becomes “a bad operating model.” That’s when audits turn into emergencies, costs leak quietly for months, and security degrades into a collection of exceptions nobody owns. This episode is not a features walkthrough of Microsoft Azure. It’s the operating system: landing zones, management groups, RBAC with Privileged Identity Management, Azure Policy as real guardrails, and—most importantly—the feedback loops that keep governance from decaying into entropy. The Enterprise Failure Mode: When Drift Becomes Normal Most enterprises won’t admit this out loud: Governance rarely fails because controls are missing.
It fails because controls drift. Everything starts clean. There’s a baseline.
There’s a naming standard.
There’s a policy initiative.
There are “temporary” Owner assignments.
There’s a spreadsheet someone calls a RACI. Then the first exception request arrives. It’s reasonable.
It’s urgent.
It’s “just this one workload.” The platform team faces a false choice: block the business and be hated, or approve the exception and be pragmatic. Humans optimize for short-term conflict avoidance, so the exception is approved. That exception becomes an entropy generator. The fatal enterprise assumption is believing entropy generators clean themselves up. They don’t. Exceptions are rarely removed. Often they aren’t even tracked. Over time, the baseline stops being real. It becomes a historical suggestion surrounded by exemptions no one remembers approving. Three distinct failure modes get lumped together as “we need better governance”:
- Missing controls
You never built the guardrail. Immature, but fixable. - Drifting controls
The guardrail exists, but incremental deviations taught the organization how to route around it. - Conflicting controls
Multiple teams enforce their own “correct” baselines. Individually rational. Collectively chaotic.
They chase compliance scores.
They write more documentation. None of that stops drift—because drift is not a knowledge problem. It’s a decision-distribution problem. Azure decision-making is inherently distributed. Portals, pipelines, service principals, managed identities—all generating thousands of micro-decisions per day: regions, SKUs, exposure, identity, logging, encryption, tags. If constraints aren’t enforced, you don’t have governance. You have opinions. Even good teams create chaos at scale. People rotate. Contractors appear. Deadlines compress. Local optimization wins. The platform becomes a museum of half-enforced intent. That’s why platform teams turn into ticket queues—not due to incompetence, but because the system is asking humans to act as the authorization engine for the entire enterprise. Audit season exposes the truth. Public access is “blocked,” except where it isn’t.
Secure Score looks “fine,” because inconvenient findings were waived.
Logging exists—just not consistently.
Costs can’t be allocated because tags were optional. Incidents are worse. Post-incident reviews don’t say “we lacked policy.”
They say “we didn’t realize this path existed.” That path exists because drift created it. Autonomy does not scale without boundaries.
Exceptions are not special cases—they are permanent forks unless designed to expire. The only sustainable fix is governance by design. Not meetings.
Not documentation.
Design. Governance by Design: Deterministic Guardrails vs Probabilistic Security Governance by design means the platform enforces intent—not people. In architectural terms, Azure governance is an authorization and compliance compiler sitting on top of the Azure control plane. Every action becomes a request. The only thing that matters is whether the platform accepts it. Most organizations answer that question socially: tickets, reviews, tribal knowledge. That model collapses under scale. The alternative is determinism. Deterministic governance doesn’t mean perfect—it means predictable. The same request yields the same outcome every time, regardless of who is deploying or how urgent it feels. That’s the difference between governance and governance theater. A deterministic guardrail looks like this:
- Resources only deploy in approved regions
- Diagnostics go to known destinations
- Public exposure is denied unless explicitly designed
- Violations fail at deployment, not after reporting
- “Should be true unless…”
- Audit-only controls
- Optional tags
- Waivers everywhere
The goal is safe autonomy. Azure doesn’t understand org charts. It understands rules. So the real design question is simple and brutal: What must always be true, and at what scope? Scope is where determinism is won or lost. Get it wrong, and you create either gridlock or drift. Which is why governance always starts with structure. Landing Zones and Management Groups: Where Scale Either Works or Doesn’t An enterprise landing zone is not a template.
It’s the set of preconditions that make every future workload boring. Identity boundaries.
Network boundaries.
Logging destinations.
Policy inheritance.
Ownership models. Most organizations do this backwards—migrating first, governing later. That’s how you build a city and argue about roads after people move in. The hierarchy is the enforcement surface. Azure Policy inherits down it.
RBAC inherits down it. If the hierarchy is messy, governance becomes archaeological work. The mistake is ornamental depth—management groups that mirror org charts instead of intent. Depth multiplies ambiguity. Breadth enables delegation. The governing principle is separation by risk intent:
- Platform
- Production
- Non-production
- Sandbox
- Regulated
- Billing boundaries
- Security boundaries
- Policy inheritance boundaries
- Incident containment boundaries
- One massive subscription
- Per-team chaos subscriptions
- Ad-hoc creation with no vending model
- Who is accountable?
- What baseline applies?
- What access model is allowed?
- What is the acceptable blast radius?
Owner is not convenience. Owner is a breach multiplier. Separation of duties is non-negotiable:
Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.
If this clashes with how you’ve seen it play out, I’m always curious. I use LinkedIn for the back-and-forth.