Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Using a cloud marketplace to purchase and deploy cloud-based applications creates new paradigms for users and IT administrators. Azure Marketplace aligns with fundamental Azure governance and foundational concepts that facilitate the delivery of the right business and technical outcomes when deploying applications from Azure Marketplace. The concepts also implement the right controls to ensure proper governance operations. Understanding Azure fundamental concepts and becoming familiar with Azure terminology helps you govern and control using Azure Marketplace.
Roles and permissions
Assign the right roles and permissions to prevent errors during purchase. For more information about roles and permissions applicable to purchasing, see Roles and permissions.
Resources organization
When you deploy an application through Azure Marketplace, the resources are deployed into your Azure subscription just like any other Azure resource. Applications purchased through Azure Marketplace should be deployed in the proper area of the management group, subscription, and resource group hierarchy. Deploying resources from your Azure subscription into the proper resource group helps you organize your Azure Marketplace purchases and track costs that are related to your workloads. An example diagram follows:
Depending on the type of application you're purchasing, you have a collection of relevant properties to set before deployment including the resource group. The following image shows how to create a Linux virtual machine purchased through Azure Marketplace is deployed to a resource group:
All resources deployed from Azure Marketplace into your Azure subscription can be managed within the Azure portal, via PowerShell, or via command line just like any other Azure resource.
You can consult Microsoft's enterprise cloud governance guide for best practices on how to add governance guardrails across your organization's Azure subscriptions as you purchase and deploy applications from Azure Marketplace. The governance guide for complex enterprises provides useful information on how to implement the resource organization, including geography and regional considerations.
Tags
Tagging is an effortless way to classify assets into a taxonomy, and tags are a crucial part of organizing your Azure resources, including resources deployed from Azure Marketplace. Tags can be the basis for applying your business policies with Azure Policy or tracking Azure Marketplace costs using Microsoft Cost Management + Billing.
You can apply tags to resources deployed from Azure Marketplace, resource groups, and subscriptions to logically organize them into a taxonomy, as you would when deploying any other Azure resource.
You can follow Microsoft's guidance for developing a tagging strategy, including defining a naming convention. Ensure all Azure Marketplace resources follow proper naming and tagging conventions and enforce tagging conventions using Azure Policy. It helps your centralized governance teams make wise cost management decisions when deploying apps from Azure Marketplace. Tag policy is a way to enforce mandatory values based on what your project needs are. Like any good implementation of governance controls, the requirements should come from your business needs and be well understood before creating technical controls.