Cloud Adoption Framework - How management groups fix the security chaos you've been tolerating On her first day, Marta opened the Azure portal and counted the subscriptions sitting directly under the root management group. Forty-seven. No hierarchy. No inherited policy. No consistent RBAC. Security alerts lighting up Defender for Cloud with no clear owner. Every team had provisioned what they needed, when they needed it, under whoever had Owner rights that week. The tenant had been growing...

Series · Part 2 of 2 Access controls, permission models, data protection through sensitivity labels, governance tooling, and compliance. You have done Part 1. Conditional Access is configured. Private Links are under discussion. The network team is happy, or at least no longer actively unhappy. You have a presentation slide that says "Authentication via Entra ID — always on" and a compliance officer who has stopped asking uncomfortable questions. And then a data analyst sends a message at...

Series · Part 1 of 2 How the platform authenticates, how network traffic is controlled, and why the SaaS model changes what you actually need to worry about. It always starts the same way. The Fabric proof-of-concept goes well. The data team is excited. Someone in leadership says "let's move this to production," and then — somewhere between the handshake and the go-live — security has a meeting with the platform team, and the platform team says something they really should not say. "It's...