What are Azure Blueprints, and how can they help with compliance?
Firebrand Cloud expert and instructor, Mike Brown, shares his thoughts.
This blog was first published in 2020.
Microsoft Azure offers tons of resources for building end-to-end applications in the cloud. For a Cloud Architect, compliance is a major concern when getting a solution off the ground responsibly.
Azure Blueprints allow Cloud Architects to:
- Define a set of rules that Azure subscriptions must abide by
- Deploy a set of Azure resources that conform to security best practices
- Rapidly build new environments which comply with organisational standards
To do that, Blueprints allow you to deploy role and policy assignments, Azure Resource Manager Templates, and Resource Groups.
In this video, Mike Brown takes you through the process of deploying an Azure Blueprint, including:
- How to create an Azure Blueprint
- Defining artefacts for the Azure Blueprint to deploy
About Mike Brown
Mike Brown is a lead instructor at Firebrand Training. He has more than 20 years’ experience in Microsoft and Cisco-focused certifications. Mike loves working with new Cloud technologies and virtualisation. When he’s not teaching, he spends time making videos on Microsoft technologies and writing books on virtualisation.
Video transcript
Hi there, welcome to this Firebrand Q&A. My name is Mike Brown and I'm a Senior Cloud Instructor here at Firebrand Training. These Q&A sessions are designed so that we can answer some of the questions asked by our students on a regular basis. We hope to provide answers to questions in these sessions and, where appropriate, provide demonstrations of the features being discussed.
Today's question: What are Azure Blueprints, and how can they help with compliance?
At the time of recording, Azure Blueprints are still in preview, but they have the potential to be a great asset for anyone working in Azure.
Azure Blueprints will allow Cloud Architects to:
- Define a set of rules that Azure subscriptions must abide by, by providing security controls and compliance controls to those subscriptions
- Allow resources to be deployed to Azure (but those deployed resources must conform to security best practices)
- And, Azure blueprints will allow us to rapidly deploy new environments which comply with our organisational standards
When creating an Azure Blueprint, they will allow us to deploy role assignments, policy assignments, Azure manager templates, and resource groups.
So, let's take a look at Blueprints in action. In this demonstration, we will:
- Create a new Azure Blueprint
- Define artifacts for the Azure Blueprint to deploy
- And show how the newest Azure blueprint can be deployed
Let's jump right in. Here we are in the Azure console. I've already accessed the blueprints blade. If you're not sure how to navigate here, just type 'blueprints' in the search bar. It's worth pointing out again that blueprints are still in preview and, like all preview features, are subject to change. We should wait until this feature comes out of preview before launching it in production.
If we scroll down this page a little bit, we can see the three tasks we need to perform when working with blueprints. Here we can see create a blueprint, apply to a scope, and track assignments. You would work through these three tasks in order.
Starting off, we'll create a blueprint, so let's click create. We're gonna be starting off with a blank blueprint, but again, if you scroll down, you can see that there are samples already created for you. So, if you find a sample that closely matches your requirements, use that as your starting point.
If I scroll back up, I'm gonna select start with a blank blueprint. This first section is our standard form, where we define a name for the blueprint, a description, and a location, so I'll fill those details in.
Here you can see I've defined a name for our first blueprint, a description, and a location. The location can be a management group or a subscription inside a management group. I've chosen one of my subscriptions.
The next step is to define artifacts, so let's click next, artifacts. You can see the subscription level is selected. Beneath there, select 'add artifact.' In the artifact type drop-down, select the arrow and here you can see the different types of artifacts you can define with your blueprint.
Let’s start off with a resource group. If we select that and scroll down just a little, what this artifact allows us to do is to deploy resource groups to new or existing subscriptions. We have to provide a display name for the artifact, but then notice the tick boxes.
Underneath resource group and location, we have tick boxes that are already selected that say this value should be specified when the blueprint is assigned. Leaving this tick box selected means that the assigner of the blueprint gets to fill in these details. Now I don't want to do that, so I'm gonna uncheck both these boxes and provide a name for a resource group and location.
Here you can see those details filled in, and I've added a name for the artifact as well. The only other value to add here is tags. If we scroll down a little bit, we can see the optional tags that can be added. I'm happy with this configuration, so I'll just say 'add.'
So now we see as well as a subscription level and artifacts that can be assigned there, we have our new resource group artifact and artifacts that can be assigned beneath there. So, beneath the new resource group, let's click 'Add artifact.'
And again, let's look at the artifact type so we can deploy here by clicking on the dropdown. Slightly different list now because resource groups cannot contain resource groups. But beneath here we can still add policies, roles, and templates.
Let's click on role assignment. And at this resource group level, I'm going to assign a role permission to one of my Azure AD users. The role I'm going to assign is contributor, so from the role dropdown I choose 'contributor.'
Again, I untick the tick-box that says this value will be specified during blueprint assignment, and I'm going to select one of my Azure AD users. I'm choosing Bob - I'm going to give Bob the contributor role for this new resource group.
I'll say Add there, and again we can see the artifact listed. We can carry on with this by assigning policies around templates at different levels, but I'm happy with my blueprint, so I'm going to say save draft. Once the draft is saved, you'll be sent back to the blueprint blade. Now that we created a blueprint, we can apply it - so let's click apply.
The first thing we need to do is select our blueprint, so from the blueprint drop-down select draft. You should see a list of draft blueprints, including the one we just created. Here we can see the blueprint I created, and on the right-hand side we've got the three dots.
If we click those three dots, from here we choose publish blueprint. We need to provide a version for a blueprint and any notes that we want to share with other people. And if we're happy, we click publish. It might take a minute or so to publish a blueprint.
Again, from the drop-down under blueprints, instead of draft, filter for published. Now we have the blueprint published, it's ready to be assigned, so select the three dots again on the right-hand side and choose 'assign blueprint.'
Here we provide an assignment name, a location, and the version of the blueprint we wish to assign. If you scroll down, you can see more of the form, including a parameter section. So, if there were any parameters to be filled in, it would be done here. If we're happy, we click assign.
I'm in my subscription and I can see a list of my resource groups, and you notice amongst them is a resource group called our resource group. This is the resource group that was deployed by the blueprint. If I select that resource group and click access control IAM under role assignments, and contributor, we should see Bob.
So, what are Azure blueprints, and how can they help with compliance?
- Well, they allow us to map our security and compliance requirements to a group of artifacts that we can deploy together;
- They enforce standard configurations for existing and new subscriptions;
- And give us a configuration that we can repeat, so that we have predictable results.
To learn more about Azure and how you can get certified fast, visit our website at Firebrand Training. I've also put links to some of our accelerated courses in the video description. For more videos and tips on all things Azure and Cloud, please subscribe to our channel and follow us on LinkedIn. If you have any questions about Cloud Computing, add to the comment section below, and we'll do our best to get back to you. Look out for our Firebrand Q&A, see you next time!
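The blueprint built in the walkthrough above can also be reviewed as data before it is published. The following is an added example, not part of the original blog or video: a Python check over a blueprint definition and its artifacts, in the JSON layout used by the Blueprints REST API, that flags role-assignment artifacts granting Owner or Contributor to principals fixed in the blueprint rather than supplied at assignment. The sample blueprint, the resource group placeholder `demoRG`, and the principal object ID are constructed for illustration.

```python
ROLE_PREFIX = "/providers/Microsoft.Authorization/roleDefinitions/"
# Built-in role definition GUIDs (identical in every tenant).
BROAD_ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
}

# Constructed sample mirroring the walkthrough: a resource group artifact with a
# fixed name and location, with a Contributor role assignment beneath it.
SAMPLE_BLUEPRINT = {"properties": {"targetScope": "subscription", "resourceGroups": {
    "demoRG": {"name": "demo-rg", "location": "uksouth"}}}}
SAMPLE_ARTIFACTS = [
    {"kind": "roleAssignment", "properties": {
        "resourceGroup": "demoRG",
        "roleDefinitionId": ROLE_PREFIX + "b24988ac-6180-42a0-ab88-20f7382dd24c",
        # Constructed object ID standing in for the user picked in the portal.
        "principalIds": ["00000000-0000-0000-0000-000000000001"]}},
    {"kind": "roleAssignment", "properties": {
        "roleDefinitionId": ROLE_PREFIX + "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
        # Left for whoever assigns the blueprint to fill in.
        "principalIds": "[parameters('owners')]"}},
]

def is_parameterised(value):
    """True when the value is a blueprint parameter expression, not a literal."""
    return isinstance(value, str) and value.startswith("[parameters(")

def review(blueprint, artifacts):
    """Return (finding, scope, role) tuples for role-assignment artifacts."""
    findings = []
    groups = blueprint["properties"].get("resourceGroups", {})
    for art in artifacts:
        if art.get("kind") != "roleAssignment":
            continue
        props = art["properties"]
        role_id = props["roleDefinitionId"].rsplit("/", 1)[-1].lower()
        role = BROAD_ROLES.get(role_id)
        scope = props.get("resourceGroup", "subscription")
        if scope != "subscription" and scope not in groups:
            findings.append(("unknown-resource-group", scope, role))
        if role and not is_parameterised(props.get("principalIds", [])):
            findings.append(("fixed-principal-broad-role", scope, role))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_BLUEPRINT, SAMPLE_ARTIFACTS):
        print(finding)
```

A finding here is a prompt for review rather than an error: a fixed principal with a broad role is repeated in every subscription the blueprint is assigned to.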