-
Notifications
You must be signed in to change notification settings - Fork 982
ALZ Resource Provider Recommendations
An Azure resource provider is a set of REST operations that enable functionality for a specific Azure service. For example, the Key Vault service consists of a resource provider named Microsoft.KeyVault. The resource provider defines REST operations for managing vaults, secrets, keys, and certificates.
To deploy a resource in Azure, you must ensure your Azure subscription is registered for the resource provider that is associated with that resource. Registration configures your subscription to work with the resource provider. You can view a list of all resource providers in Azure by service here. Learn how to view all your resource providers in the portal here.
Some resource providers are turned on by Azure by default on all subscriptions during time of subscription creation and are not possible to unregister. Some examples are Microsoft.SerialConsole, Microsoft.Authorization, and Microsoft.Consumption. You can view a list of providers turned on by default by service here. Resource providers marked with - registered by default in the tables are automatically registered for your subscription, and you do not need to worry about them.
To successfully deploy an Enterprise-Scale with a predefined template, along with ensuring other prerequisites are complete, ensure these Resource Providers are registered in ALL subscriptions associated with your new Landing Zone:
- Microsoft.Insights
- Microsoft.AlertsManagement
- Microsoft.OperationalInsights
- Microsoft.OperationsManagement
- Microsoft.Automation
- Microsoft.Security
- Microsoft.Network
- Microsoft.EventGrid
- Microsoft.ManagedIdentity
- Microsoft.GuestConfiguration
- Microsoft.Advisor
- Microsoft.PolicyInsights
This list of RPs is all you need to deploy Enterprise Scale for EMPTY subscriptions (only resources listed in the template). If you want to deploy additional resources, please ensure the RPs for those resources are also registered.
Most of the time, if they are not registered prior, Azure should automatically register them for you. However, in some cases, deployment fails if the proper Resource Providers are not registered.
Some other common Resource Providers to consider having registered in your subscriptions for resources you may deploy are:
- Microsoft.Compute
- Microsoft.Storage
- Microsoft.ResourceHealth
- Microsoft.KeyVault
- Microsoft.Sql
- Microsoft.Capacity
- Microsoft.ManagedServices
- Microsoft.Management
- Microsoft.SecurityInsights
- Microsoft.Blueprint
- Microsoft.Cache
- Microsoft.RecoveryServices
- What's New?
- Community Calls
- Frequently Asked Questions (FAQ)
- Known issues
- What is Enterprise-Scale
- How it Works
- Deploying Enterprise-Scale
- Pre-requisites
- ALZ Resource Providers Guidance
- Configure Microsoft Entra permissions
- Configure Azure permissions
- Deploy landing zones
- Deploy reference implementations
- Telemetry Tracking Using Customer Usage Attribution (PID)
- Deploy without hybrid connectivity to on-premises
- Deploy with a hub and spoke based network topology
- Deploy with a hub and spoke based network topology with Zero Trust principles
- Deploy with an Azure Virtual WAN based network topology
- Deploy for Small Enterprises
- Operating the Azure platform using AzOps (Infrastructure as Code with GitHub Actions)
- Deploy workloads
- Create landing zones (subscriptions) via Subscription Vending
- Azure Landing Zones Deprecated Services
- Azure Landing Zone (ALZ) Policies
- Policies included in Azure landing zones reference implementations
- Policies included but not assigned by default and Workload Specific Compliance initiatives
- Policies FAQ & Tips
- Policies Testing Framework
- Migrate Azure landing zones custom policies to Azure built-in policies
- Updating Azure landing zones custom policies to latest
- MMA Deprecation Guidance
- Contributing