Welcome back to our Indispensable Azure Tools series. This time, we’re exploring Azure Governance Visualizer, also known as as AzGovViz. A powerful PowerShell based tool that brings transparency and control to your Azure governance landscape. Whether you’re a cloud architect, DevOps engineer, or IT manager, AzGovViz offers a comprehensive way to visualize and manage your Azure environment. Let’s explore why this tool is essential, how it compares, and how to begin using it.
What is Azure Governance Visualizer (AzGovViz)?
AzGovViz is a PowerShell-based tool designed to provide a detailed, visual representation of your Azure governance setup. Developed by Julian Hayward, a Microsoft Customer Engineer, and aligned with the Microsoft Cloud Adoption Framework, it’s not an official Microsoft service but an open-source tool provided “as is” under the MIT License. By polling Azure ARM, Storage, and Microsoft Graph APIs, AzGovViz captures critical governance data, for example management groups, policies, and role-based access control (RBAC), and turns it into actionable insights.
Why AzGovViz Stands Out?
AzGovViz is great because it offers a comprehensive view of your Azure governance, wrapped in automation and flexibility. Here’s what sets it apart:
- Management Group Visualization: Maps out your tenant’s management group hierarchy down to subscriptions, making organizational structure crystal clear.
- Policy Deep Dive: Details custom policy definitions, assignments, and orphaned policies, ensuring compliance gaps don’t slip through.
- RBAC Clarity: Highlights custom roles, assignments, and orphaned roles, streamlining access control management.
- Security Insights: Integrates over 260 PSRule for Azure checks, aligning your setup with security best practices.
- Flexible Reporting: Outputs reports in HTML, Markdown, and CSV formats, with options to host them securely on Azure App Service.
- Automation: Hooks into CI/CD pipelines via GitHub Actions or Azure DevOps, keeping your governance data fresh without manual effort.
For teams managing multi-tenant setups or aiming for compliance, AzGovViz is an essential tool.
Getting Started with AzGovViz
Ready to harness AzGovViz? The setup is straightforward, especially with the Azure Governance Visualizer Accelerator. Here’s your step-by-step guide:
- Create a Service Principal: Head to Microsoft Entra ID, register an app, and grant it Azure API permissions to run AzGovViz.
- Clone the Accelerator: Grab the accelerator from GitHub, fork it to your repo, and configure federated credentials.
- Assign Permissions: Give the service principal RBAC roles (e.g., Reader) on your target resource group or subscription.
- Deploy via Workflow: Use the provided GitHub workflow to deploy to an Azure Web App (automation handles the heavy lifting).
For a manual approach, check the repo at GitHub. You’ll need PowerShell and the AzAPICall module (v1.2.4 or higher recommended). Pro tip: Ensure your tenant’s API permissions are set, and watch for skipped subscriptions (e.g., those with “AAD_” Quota Ids).
Automating AzGovViz with GitHub Workflows
One of AzGovViz’s standout strengths is its seamless automation potential, particularly through GitHub Workflows, as highlighted in the Azure Architecture Center’s Landing Zone Design Guide. By integrating AzGovViz into a GitHub Workflow, you can schedule regular runs, triggered by a timer or event, to collect governance insights automatically. The process is streamlined with the Azure Governance Visualizer Accelerator, which uses OpenID Connect to authenticate with Azure, executes the script, and pushes HTML, Markdown, and CSV reports back to your repository. These reports can then be published to an Azure App Service, making them accessible to authorized users via Microsoft Entra ID authentication.
“By integrating AzGovViz into a GitHub Workflow, you can schedule regular runs, triggered by a timer or event, to collect governance insights automatically.“
This automation not only saves time but also ensures your governance data stays current, aligning with the scalable, repeatable principles of Azure landing zones outlined in the Architecture Center’s guidance.
Real-World Impact
When you are managing a complex Azure tenant with multiple management groups and custom policies without a tool like AzGovViz, you need to piece together governance details manually. That’s not only time-consuming but also error-prone. AzGovViz helps with delivering a visual report in minutes, flagging orphaned roles, and integrating with your DevOps pipeline. It’s already a staple in the Cloud Adoption Framework’s Govern discipline, and its community-driven updates (like recent network insights) keep it relevant for current cloud challenges.
For more information on Azure Governance Visualizer, please visit the official docs and the Azure landing zone documentation.
Stay tuned as we roll out more indispensable tools to power up your Azure cloud journey!