Subscription Management/ Governance

Question

I have some questions.

1. Are we able to prevent users within our organization from creating Subscriptions using the Visual Studio/Dev or other means in our Azure tenant?
2. If now, what is the recommended way to appropriately govern existing/new Subscriptions to ensure that people do not do dumb things within their subscription space that could compromise our organization?

I feel like the answer to number 1, based upon my research, is no... but I'm not 100% on that, and I know that there are some governance pieces within Management groups, Azure Defender and probably some other areas (RBAC?) where we could govern Subscriptions if we can't prevent the creation of them, but I wanted to hear from some veterans of Azure out there related to this topic.

Thanks in advance!

Answer 1

@Jamie McFarling Thank you for your post and I apologize for the delayed response!

Please refer to this similar thread - https://learn.microsoft.com/en-us/answers/questions/40809/azure-subscription-governance-best-practice-archit.html might be helpful.
Also check this GitHub link - https://github.com/MicrosoftDocs/azure-docs/issues/29092#issuecomment-846867398

Let me know if you further details/assistance in this matter.

----------------------------------------------------------------------------------------------------------------------

If the response helped, do "Accept Answer" and up-vote it

Answer 2

You can use Azure Policy to restrict certain operations on subscriptions.