Governance and control best practices

Using a cloud marketplace to purchase and deploy cloud-based applications creates new paradigms for users and IT administrators. Microsoft Marketplace aligns with fundamental Azure governance and foundational concepts that facilitate the delivery of the right business and technical outcomes when deploying applications from Microsoft Marketplace. These concepts also implement the right controls to ensure proper governance operations. Understanding fundamental Azure concepts and becoming familiar with Azure terminology helps you govern and control your use of Microsoft Marketplace.

Roles and permissions

Assign the right roles and permissions to prevent errors during purchase. For more information about roles and permissions applicable to purchasing, see Roles and permissions.

Resources organization

When you deploy an application through Microsoft Marketplace, the resources are deployed into your Azure subscription just like any other Azure resource. Applications purchased through Microsoft Marketplace should be deployed in the proper area of the management group, subscription, and resource group hierarchy. Deploying resources from your Azure subscription into the proper resource group helps you organize your Microsoft Marketplace purchases and track costs that are related to your workloads. An example diagram follows:

Diagram that illustrates an example of how to organize your purchases in Microsoft Marketplace.

Depending on the type of application you're purchasing, you have a collection of relevant properties to set before deployment including the resource group. The following image shows how a Linux virtual machine purchased through Microsoft Marketplace is deployed to a resource group:

Screenshot that shows how to create a Linux virtual machine purchased through Microsoft Marketplace and deploy it to a resource group.

All resources deployed from Microsoft Marketplace into your Azure subscription can be managed within the Azure portal, via PowerShell, or via command line just like any other Azure resource.

You can consult Microsoft's enterprise cloud governance guide for best practices on how to add governance guardrails across your organization's Azure subscriptions as you purchase and deploy applications from Microsoft Marketplace. The governance guide for complex enterprises provides useful information on how to implement the resource organization, including geography and regional considerations.

Tags

Tagging is an effortless way to classify assets into a taxonomy, and tags are a crucial part of organizing your Azure resources, including resources deployed from Microsoft Marketplace. Tags can be the basis for applying your business policies with Azure Policy or tracking Microsoft Marketplace costs using Microsoft Cost Management + Billing.

You can apply tags to resources deployed from Microsoft Marketplace, resource groups, and subscriptions to logically organize them into a taxonomy, as you would when deploying any other Azure resource.

Example diagram illustrating how to apply tags to resources deployed from Microsoft Marketplace.

You can follow Microsoft's guidance for developing a tagging strategy, including defining a naming convention. Ensure Microsoft Marketplace resources follow proper naming and tagging conventions, and enforce tagging conventions using Azure Policy. Doing so helps your centralized governance teams make wise cost management decisions when deploying apps from Microsoft Marketplace. A tag policy is a way to enforce mandatory values based on your project's needs. Like any good implementation of governance controls, the requirements should come from your business needs and be well understood before creating technical controls.
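The following is an added example, not part of Microsoft's documentation: a small audit that checks Marketplace-deployed resources against a tag policy with mandatory tags and allowed values, as a way to find gaps before or alongside enforcement with Azure Policy. It runs on a constructed inventory shaped like the output of `az resource list --output json`; the tag names, allowed values, resource names, and the use of a populated `plan` property to identify Marketplace offers are assumptions.

```python
import json

# Hypothetical tag policy: mandatory tag name -> allowed values (None = any non-empty value).
REQUIRED_TAGS = {"CostCenter": None, "Environment": {"dev", "test", "prod"}}

# Constructed inventory shaped like `az resource list --output json`.
SAMPLE_INVENTORY = json.loads("""
[
 {"name": "vm-linux-01", "resourceGroup": "rg-marketplace-prod", "plan": {"publisher": "examplepublisher",
  "product": "example-linux", "name": "standard"}, "tags": {"CostCenter": "1234", "Environment": "prod"}},
 {"name": "vm-linux-02", "resourceGroup": "rg-marketplace-dev", "plan": {"publisher": "examplepublisher",
  "product": "example-linux", "name": "standard"}, "tags": {"costcenter": "1234", "Environment": "staging"}},
 {"name": "appliance-01", "resourceGroup": "rg-marketplace-dev", "plan": {"publisher": "examplepublisher",
  "product": "example-appliance", "name": "byol"}, "tags": null},
 {"name": "stlogs01", "resourceGroup": "rg-shared", "plan": null, "tags": null}
]
""")

def tag_violations(resource, required=REQUIRED_TAGS):
    """Return a list of tag-policy problems for one resource (empty list = compliant)."""
    # Untagged resources come back as "tags": null. Tag names are
    # case-insensitive in Azure; tag values are case-sensitive.
    tags = {k.lower(): v for k, v in (resource.get("tags") or {}).items()}
    problems = []
    for name, allowed in required.items():
        value = tags.get(name.lower())
        if value is None or not value.strip():
            problems.append(f"missing tag {name}")
        elif allowed is not None and value not in allowed:
            problems.append(f"tag {name}={value!r} not in {sorted(allowed)}")
    return problems

def audit_marketplace(inventory, required=REQUIRED_TAGS):
    """Map 'resourceGroup/name' -> problems for non-compliant Marketplace resources."""
    report = {}
    for res in inventory:
        # Assumption: a populated `plan` marks a resource deployed from a Marketplace offer.
        if not res.get("plan"):
            continue
        problems = tag_violations(res, required)
        if problems:
            report[f"{res['resourceGroup']}/{res['name']}"] = problems
    return report

if __name__ == "__main__":
    for resource, problems in audit_marketplace(SAMPLE_INVENTORY).items():
        print(resource, "->", "; ".join(problems))
```

An audit like this only reports drift; blocking untagged deployments at creation time is what the Azure Policy enforcement described above is for.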