What is the recommendation on how to start using NubOps?
When you create an app registration you also have to assign a role to that app registration in Azure IAM on the subscriptions you want NubOps to analyze.
Our recommendation is to start out by only assigning the app registration the "Reader" role on one single non-production subscription in Azure. If possible, create a new Azure subscription where you can experiment without affecting other resources. This will also reduce initial "noise" in NubOps as you start out.
The Policies feature will generate a lot of findings and recommendations, so it makes sense to start out by creating a green field environment. Then you could create one resource type at a time, a virtual machine for example, to see what needs to be reconfigured based on the findings and recommendations provided by the Policies feature. This will give you insights into best practices concerning Azure security and governance. Once you've gained a good understanding of how to use NubOps, and identified potential improvements to the rest of your environment, you can use NubOps to verify that the tasks agreed upon within your organization have indeed been carried out and completed correctly, according to plan.
Our recommendation is to start out by only assigning the app registration the "Reader" role on one single non-production subscription in Azure. If possible, create a new Azure subscription where you can experiment without affecting other resources. This will also reduce initial "noise" in NubOps as you start out.
The Policies feature will generate a lot of findings and recommendations, so it makes sense to start out by creating a green field environment. Then you could create one resource type at a time, a virtual machine for example, to see what needs to be reconfigured based on the findings and recommendations provided by the Policies feature. This will give you insights into best practices concerning Azure security and governance. Once you've gained a good understanding of how to use NubOps, and identified potential improvements to the rest of your environment, you can use NubOps to verify that the tasks agreed upon within your organization have indeed been carried out and completed correctly, according to plan.
Updated on: 04/03/2025
Thank you!