Azure Governance Solution

D

You use Azure Policy to enforce tagging rules and conventions. By creating a policy, you avoid the scenario of resources being deployed to your subscription that don't have the expected tags for your organization. Instead of manually applying tags or searching for resources that aren't compliant, you create a policy that automatically applies the needed tags during deployment.

Note: Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for these reasons:

Resource management: Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

To design an Azure governance solution that makes all Azure resources easily identifiable based on operational information, such as environment, owner, department, and cost center, you should use Azure tagging. Tags are name/value pairs that can be applied to resources to organize and categorize them. By using tags, you can quickly identify resources based on their metadata.

To ensure that you can use the operational information when generating reports for Azure resources, you should enforce tagging rules using Azure policies. An Azure policy is a mechanism for enforcing and auditing compliance with corporate or regulatory requirements. Azure policies can be used to enforce tagging rules on resources to ensure that all resources have tags with the required metadata.

Option A, an Azure data catalog that uses the Azure REST API as a data source, is not the best solution for this scenario because it is designed to enable data discovery and reuse within an organization, rather than enforcing tagging rules on Azure resources.

Option B, Azure Active Directory (Azure AD) administrative units, can be used to manage and delegate administrative access to Azure resources, but it is not the best solution for enforcing tagging rules on Azure resources.

Option C, an Azure management group that uses parent groups to create a hierarchy, can be used to manage and organize Azure resources, but it is not the best solution for enforcing tagging rules on Azure resources.

Therefore, the best solution for this scenario is option D, an Azure policy that enforces tagging rules. By using Azure policies, you can enforce the use of tags on all Azure resources to ensure that they are easily identifiable based on the required operational information.