This content was previously on my http://aka.ms/Azure/IaaSOpsGuide. I've pulled it out to use a simple and easy to remember URL.... aka.ms/Azure/ARM
Once you have your Azure Subscription, I think the planning and implementing Resource Groups should be first on your list. Because if this is not done, then when you go to deploy anything in the new Azure portal in ARM mode, then a default Resource Group will be created for you. If you pre-make a few to start with, then once you create storage, network and compute resources, then you can assign those resources to Azure Resource groups, per Azure Region, as you see fit. There are many ways to do this e.g. by dev/test environments or by resource types such as domain controllers or web servers. At a high level, most Azure pages will say to create these according to managed lifecycles of Azure Resources. By default the subscription administrators will have access to all of these, so if you make a bunch, then later, you can create groups to assign RBAC to delegate administration.
Overviews
- Azure Resource Manager Overview
- Lock Down Your Azure Resources
- Authenticating a service principal with Azure Resource Manager
- World Class ARM Templates Considerations and Proven Practices | Download THE Whitepaper!
- Azure Resource Manager JSON Templates overview -understand them better!
- Azure Resource Manager DevOps Jump Start Microsoft Virtual Academy online class!
- Tuesdays with Corey: Azure Resource Policy
- Ignite 2016 Fully Integrated Azure Resource Manager Deployments
- Build 2017 Azure Resource Manager templates: Life after (first) deployment
- Ignite 2016 Manage and control your applications with Microsoft Azure Resource Manager
- Deploying, Organizing and Securing Applications with the Azure Resource Manager | Microsoft Ignite 2015
- Azure Resource Manager Templates | On Channel 9
- Azure Quick Start Templates! | As mentioned on Channel 9 above | Use the same template repeatedly
- ARM Template Visualizer
Operational Guidance
Task Name Task Link
- Determine Naming Convention | http://aka.ms/azure/naming
- Deploy a Resource Group through command line or the Azure Portal | http://aka.ms/Azure/RG
- Identity all existing RBAC roles available | http://aka.ms/Azure/Roles
- Manage access using the Azure portal | http://aka.ms/Azure/RBAC/Manage
- Manage Role-Based Access Control with Azure PowerShell | http://aka.ms/azure/rbac/ps
- Manage Role-Based Access Control with the Azure Command Line Interface | http://aka.ms/azure/rbac/cli
- Managing Role-Based Access Control with the REST API | http://aka.ms/Azure/RBAC/RestAPI
- Identify Role-based access control in Azure Automation | http://aka.ms/Azure/RBACA/Automation
- Using tags to organize your Azure resources | http://aka.ms/Azure/tags
- Use Policy to manage resources and control access | http://aka.ms/azure/policy
- Lock resources with Azure Resource Manager | http://aka.ms/Azure/Lock