Blog Post

Azure Governance and Management Blog
2 MIN READ

Azure Governance @ Ignite 2025

jodiboone's avatar
jodiboone
Icon for Microsoft rankMicrosoft
Nov 22, 2025

Recap: Azure Governance @ Ignite 2025

Azure governance is thrilled to be back at ignite this year with some exciting updates. In this blog we will be sharing highlights from the session, overviews on new releases, and links on how you can get started using governance products including Azure Policy & Service Groups to maintain a well governed environment where you can deploy secure applications. Make sure to catch the recording if you missed it to see how Microsoft deploys these products in practice!  

Service Groups

Service groups is the newest product in the Azure governance suite allowing you to maintain more dynamic and flexible resource hierarchies. To recap, service groups provide:

  • Low Privilege Management: Service Groups are designed to operate with minimal permissions, ensuring that users can manage resources without needing excessive access and appealing to multiple personas. Access to a Service Group does not grant role-based access control or policy inheritance to its members.
  • Flexible and Varying Hierarchies: Azure resources and scopes, from anywhere in the tenant, can become members of one or multiple service groups. Additionally, Service Groups can be nested providing the ability to have multiple hierarchy structures, i.e. Cost Center, Product, Organization, and more!

 Service groups has recently gone Public Preview and this year at ignite we are excited to announce new integrations including,

  1. Azure Monitoring

 

 

  1. Azure Resiliency

 

 

Stay tuned for future integrations and get started using service groups today at: aka.ms//servicegroups

Azure Policy

This ignite we are excited to showcase new releases enriching the power of the policy language and improving ease of use through major UX improvements.

To start off, we announced our public preview for Identity Based Exemptions, a new type of exemption resource that targets the callers service principal versus the scope on which the exemption is applied. Allowing admins to place targeted exemptions for approved service principals, to avoid over exempting without interrupting business critical workflows.

New Home Page Experience!

As the policy framework has expanded, the focus of your policy management has expanded beyond just compliance, to other aspects of the policy deployment lifecycle, including exemptions & remediations. We also know that one size does not fit all, so we are excited to release a new Azure policy UX landing page that provides a refreshed view on compliance, policy status, and will showcase how to get started using new primitives & releases. Try it out and let us know what you think!

 

 

 

Machine Configuration Customizable Baselines

The Azure Windows and Azure Linux baselines have provided a standard set of guidance for how to configure server operating systems in Azure. To make these baselines more relevant to changing regulatory standards & business goals, we’re

  • releasing an extensibility framework to make it easier than ever to deploy custom Azure baselines through Azure policy & Machine configuration.
  • Aligning the baseline content to be aligned with CIS across our supported distributions

Getting started is easy, select the baseline that you’re interested in applying and adjust any settings based on business requirements.

For more details on getting started visit: aka.ms//machinebaselines

 

 

 

Updated Nov 22, 2025
Version 1.0
No CommentsBe the first to comment