Cost Entropy: The Architectural Flaw Killing Your Azure Budget

1
00:00:00,000 --> 00:00:02,120
Most organizations think Azure gets expensive

2
00:00:02,120 --> 00:00:03,960
because engineers waste money.

3
00:00:03,960 --> 00:00:04,800
They are wrong.

4
00:00:04,800 --> 00:00:07,080
Azure gets expensive because the platform is allowed

5
00:00:07,080 --> 00:00:09,040
to spend without an owner, without limits,

6
00:00:09,040 --> 00:00:10,280
and without consequences.

7
00:00:10,280 --> 00:00:11,600
That isn't a savings problem.

8
00:00:11,600 --> 00:00:12,720
It's cost entropy.

9
00:00:12,720 --> 00:00:15,000
Drift created by unowned deployment pathways

10
00:00:15,000 --> 00:00:16,920
that keep producing recurring spend

11
00:00:16,920 --> 00:00:19,360
long after the original decision got forgotten.

12
00:00:19,360 --> 00:00:21,680
This episode isn't dashboards, savings hacks,

13
00:00:21,680 --> 00:00:23,160
or spot VM folklore.

14
00:00:23,160 --> 00:00:26,080
It's the uncomfortable shift from why is Azure expensive?

15
00:00:26,080 --> 00:00:27,600
To the only question that matters,

16
00:00:27,600 --> 00:00:29,800
what did you allow and why can nobody stop it?

17
00:00:30,320 --> 00:00:32,080
The enterprise cost failure mode,

18
00:00:32,080 --> 00:00:33,760
unowned spend becomes normal.

19
00:00:33,760 --> 00:00:36,200
Cost overruns don't show up as one dramatic mistake.

20
00:00:36,200 --> 00:00:37,480
They show up as a new normal,

21
00:00:37,480 --> 00:00:39,400
a temporary environment that never gets deleted

22
00:00:39,400 --> 00:00:41,600
because nobody can prove it safe.

23
00:00:41,600 --> 00:00:43,800
A premium SKU chosen for safety,

24
00:00:43,800 --> 00:00:46,120
because the engineer is accountable for outages,

25
00:00:46,120 --> 00:00:47,280
not for invoices.

26
00:00:47,280 --> 00:00:48,800
Silent egress during a migration

27
00:00:48,800 --> 00:00:50,680
because the network path changed,

28
00:00:50,680 --> 00:00:53,040
the data moved, and the bill kept arriving.

29
00:00:53,040 --> 00:00:54,760
None of these are exotic failures.

30
00:00:54,760 --> 00:00:57,600
They are the default behavior of a large Azure estate

31
00:00:57,600 --> 00:00:59,200
when intent is not enforced.

32
00:01:00,120 --> 00:01:01,160
Here's what most people miss.

33
00:01:01,160 --> 00:01:03,760
Every one of those outcomes is locally rational.

34
00:01:03,760 --> 00:01:05,440
The engineer wants a stable deployment,

35
00:01:05,440 --> 00:01:07,000
so they select the higher tier.

36
00:01:07,000 --> 00:01:08,240
The team wants velocity,

37
00:01:08,240 --> 00:01:09,560
so they clone the environment

38
00:01:09,560 --> 00:01:11,240
and come back later to clean up.

39
00:01:11,240 --> 00:01:13,320
The platform team wants to unblock delivery,

40
00:01:13,320 --> 00:01:16,200
so they grant broad permissions temporarily.

41
00:01:16,200 --> 00:01:18,400
Each decision makes sense in isolation,

42
00:01:18,400 --> 00:01:20,720
but the enterprise doesn't pay for isolated decisions.

43
00:01:20,720 --> 00:01:22,600
The enterprise pays for the aggregate,

44
00:01:22,600 --> 00:01:24,200
and that aggregate becomes chaos

45
00:01:24,200 --> 00:01:27,000
because cloud cost is not additive in the way leaders imagine.

46
00:01:27,000 --> 00:01:27,840
It is compounding.

47
00:01:27,840 --> 00:01:29,600
It accumulates from recurring resources,

48
00:01:29,600 --> 00:01:32,360
from idle capacity, from just in case redundancy,

49
00:01:32,360 --> 00:01:34,960
from shared services nobody can allocate,

50
00:01:34,960 --> 00:01:38,360
and from the quiet truth that Azure is a permissioned system.

51
00:01:38,360 --> 00:01:42,440
If something exists, some identity was allowed to create it.

52
00:01:42,440 --> 00:01:45,000
This is the part that should sound familiar to security people.

53
00:01:45,000 --> 00:01:46,280
Security drift doesn't happen

54
00:01:46,280 --> 00:01:48,360
because everyone suddenly forgets security.

55
00:01:48,360 --> 00:01:50,440
It happens because exceptions accumulate.

56
00:01:50,440 --> 00:01:52,600
A conditional access policy gets an exclude

57
00:01:52,600 --> 00:01:54,160
for this service account.

58
00:01:54,160 --> 00:01:56,320
An R-back role gets a temporary owner.

59
00:01:56,320 --> 00:01:58,280
A firewall rule gets a one-day opening

60
00:01:58,280 --> 00:01:59,800
that survives three quarters.

61
00:01:59,800 --> 00:02:02,120
Over time, the system stops behaving deterministically

62
00:02:02,120 --> 00:02:04,200
and starts behaving probabilistically.

63
00:02:04,200 --> 00:02:05,520
Cost follows the same physics.

64
00:02:05,520 --> 00:02:08,160
If the platform allows teams to create resources

65
00:02:08,160 --> 00:02:09,680
without ownership metadata,

66
00:02:09,680 --> 00:02:10,840
without budget boundaries,

67
00:02:10,840 --> 00:02:12,800
and without constrained SQL choices,

68
00:02:12,800 --> 00:02:14,280
then drift is not a risk.

69
00:02:14,280 --> 00:02:15,240
Drift is guaranteed.

70
00:02:15,240 --> 00:02:18,040
You are operating a cost system with no memory of intent.

71
00:02:18,040 --> 00:02:20,240
That distinction matters.

72
00:02:20,240 --> 00:02:24,000
The typical enterprise response is predictable, reminders.

73
00:02:24,000 --> 00:02:25,880
We need to be more cost conscious.

74
00:02:25,880 --> 00:02:27,320
Please tag your resources.

75
00:02:27,320 --> 00:02:29,400
Here's the monthly cost review deck.

76
00:02:29,400 --> 00:02:32,000
That approach feels mature because it looks organized,

77
00:02:32,000 --> 00:02:33,720
but awareness does not constrain behavior.

78
00:02:33,720 --> 00:02:34,560
It never did.

79
00:02:34,560 --> 00:02:36,800
Reminders don't close deployment pathways.

80
00:02:36,800 --> 00:02:37,920
They don't stop a pipeline

81
00:02:37,920 --> 00:02:40,120
from deploying a premium database tier.

82
00:02:40,120 --> 00:02:42,720
They don't prevent a team from creating yet another subscription

83
00:02:42,720 --> 00:02:44,400
because procurement takes too long.

84
00:02:44,400 --> 00:02:46,480
They don't shut down an abandoned environment

85
00:02:46,480 --> 00:02:47,320
on Friday night.

86
00:02:47,320 --> 00:02:48,760
Humans are not a control plane.

87
00:02:48,760 --> 00:02:50,840
The platform is, as your resource manager is,

88
00:02:50,840 --> 00:02:52,920
R-back is, Azure policy is.

89
00:02:52,920 --> 00:02:54,960
Subscription boundaries are.

90
00:02:54,960 --> 00:02:56,960
Those are the things that decide what can exist

91
00:02:56,960 --> 00:02:57,800
and what cannot.

92
00:02:57,800 --> 00:03:00,200
If those layers do not encode financial intent,

93
00:03:00,200 --> 00:03:01,760
then the enterprise is basically

94
00:03:01,760 --> 00:03:03,480
running a distributed spending engine

95
00:03:03,480 --> 00:03:05,040
with no enforcement mechanism.

96
00:03:05,040 --> 00:03:07,080
So define the failure mode precisely.

97
00:03:07,080 --> 00:03:10,360
Unknown spend becomes normal because the system tolerates it.

98
00:03:10,360 --> 00:03:12,920
It tolerates resources that can't be attributed to a product,

99
00:03:12,920 --> 00:03:15,280
a cost center, or a named owner.

100
00:03:15,280 --> 00:03:16,800
It tolerates platform spend,

101
00:03:16,800 --> 00:03:19,720
smeared across shared subscriptions when nobody feels it.

102
00:03:19,720 --> 00:03:21,800
It tolerates environments that outlive the sprint

103
00:03:21,800 --> 00:03:23,080
they were created for.

104
00:03:23,080 --> 00:03:26,440
It tolerates premium defaults because nothing in the platform

105
00:03:26,440 --> 00:03:27,920
says prove you need this.

106
00:03:27,920 --> 00:03:30,440
And then eventually finance sees the invoice.

107
00:03:30,440 --> 00:03:32,440
By that point, the spend is no longer a decision.

108
00:03:32,440 --> 00:03:33,280
It's dead.

109
00:03:33,280 --> 00:03:34,280
The service is running.

110
00:03:34,280 --> 00:03:35,720
The stakeholders are attached.

111
00:03:35,720 --> 00:03:37,360
The architecture has formed around it.

112
00:03:37,360 --> 00:03:39,240
Turning it off is now a risk discussion,

113
00:03:39,240 --> 00:03:40,520
not a cost discussion.

114
00:03:40,520 --> 00:03:42,360
That's why invoice time escalation fails.

115
00:03:42,360 --> 00:03:44,400
It's always late and it's always political.

116
00:03:44,400 --> 00:03:46,600
Cost entropy is the name for that trap.

117
00:03:46,600 --> 00:03:49,160
It is unmanaged pathways that generate recurring spend

118
00:03:49,160 --> 00:03:50,720
without decision review.

119
00:03:50,720 --> 00:03:54,800
It is the gradual conversion of cost control from a deterministic model

120
00:03:54,800 --> 00:03:57,880
where spending happens because someone explicitly intended it

121
00:03:57,880 --> 00:03:59,440
into a probabilistic one,

122
00:03:59,440 --> 00:04:03,760
where spending happens because the platform is allowed to do whatever it can.

123
00:04:03,760 --> 00:04:06,120
And if you're wondering why waste cleanup never seems to finish,

124
00:04:06,120 --> 00:04:08,200
this is why you are chasing symptoms

125
00:04:08,200 --> 00:04:10,920
after the authorization decision already happened.

126
00:04:10,920 --> 00:04:12,560
The uncomfortable truth is simple.

127
00:04:12,560 --> 00:04:15,840
The enterprise cost failure mode is not the existence of waste.

128
00:04:15,840 --> 00:04:17,840
It's the absence of enforceable ownership.

129
00:04:17,840 --> 00:04:20,960
Waste is just what unowned systems produce at scale.

130
00:04:20,960 --> 00:04:23,720
And that's why most enterprises start FinOps backwards.

131
00:04:23,720 --> 00:04:27,280
They start with visibility tools, dashboards and reports,

132
00:04:27,280 --> 00:04:29,280
and then wonder why behavior doesn't change.

133
00:04:29,280 --> 00:04:31,160
Visibility doesn't enforce intent.

134
00:04:31,160 --> 00:04:32,320
Governance does.

135
00:04:32,320 --> 00:04:35,800
FinOps implemented backwards, tooling first, governance never.

136
00:04:35,800 --> 00:04:40,000
Most enterprises do FinOps the same way they do security awareness.

137
00:04:40,000 --> 00:04:43,720
They buy tooling, build dashboards, schedule a review meeting,

138
00:04:43,720 --> 00:04:46,200
and then act surprised when behavior doesn't change.

139
00:04:46,200 --> 00:04:47,960
The usual sequence is almost scripted,

140
00:04:47,960 --> 00:04:52,280
first enable Azure cost management, then build reports,

141
00:04:52,280 --> 00:04:57,360
then export to Power BI, then argue about amortization, reservations,

142
00:04:57,360 --> 00:05:01,200
and whether the spend should be grouped by resource group, subscription or tech.

143
00:05:01,200 --> 00:05:04,840
Somewhere in the middle, someone adds an email alert at 90% of budget.

144
00:05:04,840 --> 00:05:06,280
Everyone feels responsible.

145
00:05:06,280 --> 00:05:07,960
Nobody is constrained.

146
00:05:07,960 --> 00:05:09,160
That distinction matters.

147
00:05:09,160 --> 00:05:10,720
Observability is not governance.

148
00:05:10,720 --> 00:05:12,400
Observability tells you what happened.

149
00:05:12,400 --> 00:05:14,400
Governance decides what can happen.

150
00:05:14,400 --> 00:05:17,440
FinOps implemented backwards confuses the two and calls it progress.

151
00:05:17,440 --> 00:05:20,040
This is why so many FinOps programs turn into cost theatre.

152
00:05:20,040 --> 00:05:22,240
The reports get prettier, the decks get longer,

153
00:05:22,240 --> 00:05:24,400
the conversations get more sophisticated,

154
00:05:24,400 --> 00:05:27,440
but the platform remains permissive, so the spend keeps happening,

155
00:05:27,440 --> 00:05:30,280
and the FinOps team becomes a translation layer

156
00:05:30,280 --> 00:05:33,080
between invoices and engineers who never had to feel the cost decision

157
00:05:33,080 --> 00:05:34,480
in the moment it was made.

158
00:05:34,480 --> 00:05:36,680
Here's the uncomfortable behavior pattern that follows.

159
00:05:36,680 --> 00:05:37,840
Alerts become noise.

160
00:05:37,840 --> 00:05:41,040
Budget alert hits, email goes out, nobody responds.

161
00:05:41,040 --> 00:05:42,520
Not because people are lazy,

162
00:05:42,520 --> 00:05:46,000
because the alert is not attached to an owner with authority and consequence.

163
00:05:46,000 --> 00:05:47,600
The budget doesn't change anything.

164
00:05:47,600 --> 00:05:50,280
It doesn't block a deployment, it doesn't require an exception,

165
00:05:50,280 --> 00:05:52,200
it doesn't trigger escalation with teeth.

166
00:05:52,200 --> 00:05:56,600
It just creates another message in a mailbox already full of messages that sound urgent.

167
00:05:56,600 --> 00:05:58,520
And when alerts don't trigger action,

168
00:05:58,520 --> 00:06:00,360
engineers learn the real policy.

169
00:06:00,360 --> 00:06:01,760
Ignore it.

170
00:06:01,760 --> 00:06:04,600
That is how cost entropy becomes a culture problem.

171
00:06:04,600 --> 00:06:06,280
Not because the people are irresponsible,

172
00:06:06,280 --> 00:06:08,040
but because the system trains them,

173
00:06:08,040 --> 00:06:10,040
that nothing happens when you exceed intent.

174
00:06:10,040 --> 00:06:12,600
The platform keeps running, the invoice arrives later.

175
00:06:12,600 --> 00:06:13,880
Somebody else argues about it.

176
00:06:13,880 --> 00:06:16,640
FinOps tooling is good at telling you where the money went.

177
00:06:16,640 --> 00:06:18,960
It is structurally bad at preventing the next dollar,

178
00:06:18,960 --> 00:06:22,160
unless you connect it to controls that shape deployment pathways.

179
00:06:22,160 --> 00:06:26,960
Most organizations don't, they treat cost tooling as the control plane when it's just telemetry.

180
00:06:26,960 --> 00:06:29,760
And nowhere does that failure hide better than shared services.

181
00:06:29,760 --> 00:06:32,360
Shared services is where cost accountability goes to die.

182
00:06:32,360 --> 00:06:34,600
Networking, logging, monitoring, security tooling,

183
00:06:34,600 --> 00:06:39,960
egress, private endpoints, everything that platform teams deploy in the name of standardization and safety.

184
00:06:39,960 --> 00:06:43,400
It's also the perfect place for the organization to stop asking who owns spend

185
00:06:43,400 --> 00:06:44,840
because the answer is uncomfortable.

186
00:06:44,840 --> 00:06:46,920
Nobody owns it, everyone depends on it.

187
00:06:46,920 --> 00:06:50,680
So it becomes central IT spend and central IT becomes a cost sink.

188
00:06:50,680 --> 00:06:54,120
Every application team benefits, but no application team sees a direct bill.

189
00:06:54,120 --> 00:06:57,080
Therefore, nobody has an incentive to question retention sampling,

190
00:06:57,080 --> 00:07:01,400
SKU tiers, or whether that cross-region log ingestion was actually required.

191
00:07:01,400 --> 00:07:04,040
The system behaves exactly as designed.

192
00:07:04,040 --> 00:07:06,200
Shared costs become invisible costs.

193
00:07:06,200 --> 00:07:10,120
Then finance asks why cloud is expensive and the platform team shows a dashboard.

194
00:07:10,120 --> 00:07:13,640
The foundational mistake is treating the cost problem like a visibility problem.

195
00:07:13,640 --> 00:07:15,880
Visibility is necessary, it is never sufficient.

196
00:07:15,880 --> 00:07:17,800
A dashboard does not create a boundary.

197
00:07:17,800 --> 00:07:19,800
A report does not create a consequence.

198
00:07:19,800 --> 00:07:24,200
A monthly review does not stop a pipeline from deploying a premium tier on Tuesday morning

199
00:07:24,200 --> 00:07:26,440
because the engineer wants to reduce operational risks.

200
00:07:26,440 --> 00:07:30,680
So the film-opt's meeting becomes a recurring ritual where everyone agrees something should change

201
00:07:30,680 --> 00:07:33,160
and then the system keeps doing what it's allowed to do.

202
00:07:33,160 --> 00:07:35,400
That's the key phrase, what it's allowed to do.

203
00:07:35,400 --> 00:07:40,200
Because the only place you can reliably change cost behavior at scale is the control plane,

204
00:07:40,200 --> 00:07:42,760
identity, policy, hierarchy and permissions.

205
00:07:42,760 --> 00:07:45,800
As your doesn't spend money, your authorization model spends money.

206
00:07:45,800 --> 00:07:49,480
The moment you accept that, the whole tooling first approach looks like putting a

207
00:07:49,480 --> 00:07:51,400
speedometer in a car and calling it breaking.

208
00:07:51,400 --> 00:07:53,480
It's useful information, it is not control.

209
00:07:53,480 --> 00:07:56,440
FinOps implemented correctly starts from a different question.

210
00:07:56,440 --> 00:08:00,120
Where is the enterprise allowing spend to occur without explicit intent?

211
00:08:00,120 --> 00:08:03,480
And how does the platform enforce that intent every time?

212
00:08:03,480 --> 00:08:05,080
That means budgets aren't just numbers.

213
00:08:05,080 --> 00:08:06,760
They're signals wired to owners.

214
00:08:06,760 --> 00:08:08,120
Tagging isn't etiquette.

215
00:08:08,120 --> 00:08:09,720
It's enforced metadata.

216
00:08:09,720 --> 00:08:11,320
SQ selection isn't preference.

217
00:08:11,320 --> 00:08:11,960
It's policy.

218
00:08:11,960 --> 00:08:13,560
Subscription creation isn't convenience.

219
00:08:13,560 --> 00:08:15,640
It's a gated act with declared accountability.

220
00:08:15,640 --> 00:08:19,240
In other words, cost isn't a finance artifact you observe after the fact.

221
00:08:19,240 --> 00:08:20,520
It's a control plane outcome.

222
00:08:20,520 --> 00:08:23,160
You either constrained by design or you didn't.

223
00:08:23,160 --> 00:08:26,280
And once you see cost that way, the next step becomes obvious.

224
00:08:26,280 --> 00:08:29,080
Every cloud dollar is an authorization decision.

225
00:08:29,080 --> 00:08:30,200
The reframe.

226
00:08:30,200 --> 00:08:32,440
Every cloud dollar is an authorization decision.

227
00:08:32,440 --> 00:08:35,800
Here's the reframe that makes everything else painfully obvious.

228
00:08:35,800 --> 00:08:37,720
A cloud bill is not a finance event.

229
00:08:37,720 --> 00:08:40,280
It's a runtime side effect of authorization.

230
00:08:40,280 --> 00:08:41,960
Before a dollar shows up on an invoice,

231
00:08:41,960 --> 00:08:44,920
something had to be created, scaled or left running.

232
00:08:44,920 --> 00:08:46,280
And before that could happen,

233
00:08:46,280 --> 00:08:49,480
the platform evaluated and allowed denied decision somewhere in the graph.

234
00:08:49,480 --> 00:08:51,160
A user, a service principle,

235
00:08:51,160 --> 00:08:53,320
a managed identity, a pipeline,

236
00:08:53,320 --> 00:08:55,160
a landing zone automation account.

237
00:08:55,160 --> 00:08:57,400
Azure didn't get expensive.

238
00:08:57,400 --> 00:08:59,000
Azure did what it was allowed to do.

239
00:08:59,000 --> 00:09:01,720
That distinction matters because it moves the conversation away

240
00:09:01,720 --> 00:09:03,880
from feelings and toward mechanics.

241
00:09:03,880 --> 00:09:05,560
Cost isn't a behavior you inspire.

242
00:09:05,560 --> 00:09:07,000
It's a pathway you permit.

243
00:09:07,000 --> 00:09:08,440
If a resource exists,

244
00:09:08,440 --> 00:09:10,920
some identity had enough permission to create it.

245
00:09:10,920 --> 00:09:13,320
And the hierarchy had enough openness to accept it.

246
00:09:13,320 --> 00:09:14,760
So, okay, so basically,

247
00:09:14,760 --> 00:09:17,960
every cloud dollar begins life as an authorization decision.

248
00:09:17,960 --> 00:09:20,920
Most enterprises pretend cost starts in cost management.

249
00:09:20,920 --> 00:09:21,640
It does not.

250
00:09:21,640 --> 00:09:23,960
Cost starts at deploy time and scale time.

251
00:09:23,960 --> 00:09:27,320
Cost starts when the system compiles intent into reality.

252
00:09:27,320 --> 00:09:28,600
A bag allows the action,

253
00:09:28,600 --> 00:09:32,840
policy allows the configuration and the subscription boundary absorbs the blast radius.

254
00:09:32,840 --> 00:09:35,080
Think of Azure like an authorization compiler.

255
00:09:35,080 --> 00:09:36,360
You write intent as code,

256
00:09:36,360 --> 00:09:39,560
arm templates, bicep, terraform, pipelines, portal clicks.

257
00:09:39,560 --> 00:09:42,200
The control plane evaluates that intent against rules.

258
00:09:42,200 --> 00:09:43,240
If it passes,

259
00:09:43,240 --> 00:09:46,920
the platform materializes capacity that burns money every hour

260
00:09:46,920 --> 00:09:48,360
until something stops it.

261
00:09:48,360 --> 00:09:50,680
If you want cost control, you don't need more visibility.

262
00:09:50,680 --> 00:09:52,520
You need tighter compilation rules.

263
00:09:52,520 --> 00:09:56,680
This is also why anonymous spending is the most dangerous anti-pattern in Azure.

264
00:09:56,680 --> 00:09:59,400
Anonymous spending isn't literally anonymous as your logs everything,

265
00:09:59,400 --> 00:10:00,440
billing has line items.

266
00:10:00,440 --> 00:10:05,720
The issue is that the enterprise can't map spend to a responsible decision maker in time to intervene.

267
00:10:05,720 --> 00:10:07,960
The cost is smeared across shared scopes

268
00:10:07,960 --> 00:10:11,320
or resources are created without enforceable ownership metadata

269
00:10:11,320 --> 00:10:13,640
or the owner left the company and the budget state.

270
00:10:13,640 --> 00:10:14,920
That's not a reporting gap.

271
00:10:14,920 --> 00:10:18,760
That's an authorization gap because cost control only works when the decision maker

272
00:10:18,760 --> 00:10:20,520
is inside the feedback loop.

273
00:10:20,520 --> 00:10:23,400
If engineering can deploy without owning the financial impact,

274
00:10:23,400 --> 00:10:25,880
you've built a system where accountability is optional.

275
00:10:25,880 --> 00:10:28,200
Optional accountability doesn't survive scale.

276
00:10:28,200 --> 00:10:29,480
Now here's the weird part.

277
00:10:29,480 --> 00:10:31,080
The more exceptions you allow,

278
00:10:31,080 --> 00:10:33,640
the less predictable cost control becomes.

279
00:10:33,640 --> 00:10:36,520
Enterprises love exceptions because they sound pragmatic.

280
00:10:36,520 --> 00:10:38,120
This workload is special.

281
00:10:38,120 --> 00:10:39,240
This team is blocked.

282
00:10:39,240 --> 00:10:40,440
We'll fix it later.

283
00:10:40,440 --> 00:10:45,080
And each exception converts your financial control model from deterministic to probabilistic.

284
00:10:45,080 --> 00:10:47,800
To deterministic means if you try to deploy X,

285
00:10:47,800 --> 00:10:50,200
the platform will deny it unless you meet Y.

286
00:10:50,200 --> 00:10:52,680
Probabilistic means sometimes X is denied,

287
00:10:52,680 --> 00:10:53,880
sometimes it passes,

288
00:10:53,880 --> 00:10:56,040
depending on who asked what scope they used,

289
00:10:56,040 --> 00:10:57,880
which subscription they found,

290
00:10:57,880 --> 00:10:59,880
which policy is actually assigned,

291
00:10:59,880 --> 00:11:02,520
and which exemption was quietly granted six months ago.

292
00:11:02,520 --> 00:11:05,000
That is in governance. That's conditional chaos.

293
00:11:05,000 --> 00:11:07,480
So what is financial intent in architectural terms?

294
00:11:07,480 --> 00:11:09,320
It's not a spreadsheet. It's not a forecast.

295
00:11:09,320 --> 00:11:12,120
It's a set of constraints the platform enforces continuously.

296
00:11:12,120 --> 00:11:16,360
Ownership. Every deployable scope has a named accountable party.

297
00:11:16,360 --> 00:11:19,560
Boundaries, budgets and thresholds exist where ownership exists.

298
00:11:19,560 --> 00:11:23,800
Constraints allowed SKUs, regions and patterns match the environment's purpose.

299
00:11:23,800 --> 00:11:28,040
Escalation. When spent deviates, something happens that is not an email.

300
00:11:28,040 --> 00:11:32,520
Financial intent is the enterprise's decision logic encoded where decisions actually happen.

301
00:11:32,520 --> 00:11:34,840
And once you accept that cost is authorization,

302
00:11:34,840 --> 00:11:36,360
you also accept something else.

303
00:11:36,360 --> 00:11:38,920
Finops lives with identity, policy,

304
00:11:38,920 --> 00:11:40,520
RBIAC and hierarchy.

305
00:11:40,520 --> 00:11:42,280
Not because finance wants to be technical,

306
00:11:42,280 --> 00:11:44,200
but because that's where enforcement lives.

307
00:11:44,200 --> 00:11:45,800
Cost management can tell you what happened.

308
00:11:45,800 --> 00:11:49,800
It can't stop the next deployment as your policy can.rbac can.

309
00:11:49,800 --> 00:11:51,640
A subscription boundary can.

310
00:11:51,640 --> 00:11:55,880
Exception governance can. This is why the enterprise should stop talking about saving money

311
00:11:55,880 --> 00:11:59,000
and start talking about removing unordited spending pathways.

312
00:11:59,000 --> 00:12:01,320
The savings is a byproduct, control is the goal.

313
00:12:01,320 --> 00:12:04,040
And if you want one practical implication to hold on to,

314
00:12:04,040 --> 00:12:07,320
if you can't point to the exact boundary where spend is owned and constrained,

315
00:12:07,320 --> 00:12:08,920
you don't have financial governance.

316
00:12:08,920 --> 00:12:10,280
You have financial hope.

317
00:12:10,280 --> 00:12:14,440
So the question becomes, where is the first boundary that actually works at enterprise scale?

318
00:12:14,440 --> 00:12:16,440
It isn't a resource group, it isn't a tag.

319
00:12:16,440 --> 00:12:17,640
It isn't a dashboard.

320
00:12:17,640 --> 00:12:18,840
It's the subscription.

321
00:12:18,840 --> 00:12:21,320
Subscriptions are the primary cost governance boundary.

322
00:12:21,320 --> 00:12:23,640
Most people treat subscriptions as building buckets.

323
00:12:23,640 --> 00:12:25,160
A place to put workloads.

324
00:12:25,160 --> 00:12:26,760
A line item you can move later.

325
00:12:26,760 --> 00:12:29,000
That mental model is why cost control fails.

326
00:12:29,000 --> 00:12:31,560
A subscription is not primarily a finance construct.

327
00:12:31,560 --> 00:12:34,120
It's a governance boundary where three things collide.

328
00:12:34,120 --> 00:12:35,880
RBIAC scope, policy scope,

329
00:12:35,880 --> 00:12:38,040
and a measurable financial blast radius.

330
00:12:38,040 --> 00:12:40,760
It is the first place where you can make ownership real.

331
00:12:40,760 --> 00:12:43,240
Because the platform can attach permissions, budgets,

332
00:12:43,240 --> 00:12:46,360
and policy enforcement to a scope that actually contains damage.

333
00:12:46,360 --> 00:12:48,520
Resource groups don't do that, not reliably.

334
00:12:48,520 --> 00:12:50,440
Resource groups are operational containers.

335
00:12:50,440 --> 00:12:51,720
They help you organize.

336
00:12:51,720 --> 00:12:52,600
They help you deploy.

337
00:12:52,600 --> 00:12:55,400
They do not protect you from a team creating a second resource group

338
00:12:55,400 --> 00:12:58,200
with a different set of tags, a different naming convention,

339
00:12:58,200 --> 00:13:00,360
and a slightly different temporary story.

340
00:13:00,360 --> 00:13:03,560
And they absolutely don't protect you from the oldest enterprise trick.

341
00:13:03,560 --> 00:13:07,800
Burying expensive shared services in a resource group nobody wants to touch.

342
00:13:07,800 --> 00:13:10,040
Management groups are higher level governance.

343
00:13:10,040 --> 00:13:11,560
They're necessary for scale,

344
00:13:11,560 --> 00:13:14,280
but they're not where cost accountability becomes personal.

345
00:13:14,280 --> 00:13:15,960
They're where standards get inherited.

346
00:13:15,960 --> 00:13:18,760
The place where spend becomes owned is lower,

347
00:13:18,760 --> 00:13:21,480
where budgets and permissions map to actual teams.

348
00:13:21,480 --> 00:13:23,160
That's the subscription.

349
00:13:23,160 --> 00:13:25,960
A well-designed subscription is a budget boundary first.

350
00:13:25,960 --> 00:13:27,560
It's the unit where you can say,

351
00:13:27,560 --> 00:13:30,200
this is the maximum financial exposure we will tolerate

352
00:13:30,200 --> 00:13:31,880
for this workload or this team.

353
00:13:31,880 --> 00:13:35,240
And if it exceeds expected behavior, escalation happens immediately.

354
00:13:35,240 --> 00:13:37,400
Not at invoice time, at deviation time.

355
00:13:37,400 --> 00:13:39,400
A subscription is also an R-back boundary.

356
00:13:39,400 --> 00:13:41,080
If you want to stop anonymous spending,

357
00:13:41,080 --> 00:13:43,560
you need to stop handing out broad contributors at scopes

358
00:13:43,560 --> 00:13:45,240
where nobody can be clearly blamed.

359
00:13:45,240 --> 00:13:47,320
Subscriptions let you define who can deploy,

360
00:13:47,320 --> 00:13:49,080
who can approve, who can see costs,

361
00:13:49,080 --> 00:13:50,360
and who can grant further rights.

362
00:13:50,360 --> 00:13:52,120
That separation matters because otherwise,

363
00:13:52,120 --> 00:13:54,680
the same identity that can create spend can also hide it.

364
00:13:54,680 --> 00:13:57,240
And a subscription is a policy boundary.

365
00:13:57,240 --> 00:13:59,400
As your policy assignments at subscription scope

366
00:13:59,400 --> 00:14:01,960
are where enforcement stops being aspirational.

367
00:14:01,960 --> 00:14:03,640
You can deny premium skews in dev,

368
00:14:03,640 --> 00:14:06,200
you can restrict regions, you can require tags,

369
00:14:06,200 --> 00:14:07,800
you can force diagnostic settings

370
00:14:07,800 --> 00:14:09,880
that you've decided you're willing to pay for.

371
00:14:09,880 --> 00:14:13,160
You can also carve exceptions with visibility and expiration

372
00:14:13,160 --> 00:14:16,920
instead of letting them live forever as silent entropy generators.

373
00:14:16,920 --> 00:14:19,320
Now look at the failure mode most enterprises live in.

374
00:14:19,320 --> 00:14:20,600
Subscriptions sprawl.

375
00:14:20,600 --> 00:14:22,120
Subscriptions get created ad hoc.

376
00:14:22,120 --> 00:14:24,280
A team needs a sandbox, so they create one.

377
00:14:24,280 --> 00:14:26,440
And another team needs a POC, so they create one.

378
00:14:26,440 --> 00:14:28,680
The platform team needs to unblock delivery,

379
00:14:28,680 --> 00:14:29,800
so they create one.

380
00:14:29,800 --> 00:14:32,760
Over time, you get dozens or hundreds of subscriptions

381
00:14:32,760 --> 00:14:34,920
with inconsistent policies, inconsistent tagging,

382
00:14:34,920 --> 00:14:37,640
inconsistent permissions, and no coherent budget story.

383
00:14:37,640 --> 00:14:40,040
And when the bill spikes, nobody knows where to look first.

384
00:14:40,040 --> 00:14:42,040
Because the sprawl wasn't just more subscriptions,

385
00:14:42,040 --> 00:14:44,440
it was more unreviewed pathways for spend,

386
00:14:44,440 --> 00:14:46,840
more identities, more places where policies weren't assigned.

387
00:14:47,240 --> 00:14:49,880
More corners where a high tier resource could hide for months.

388
00:14:49,880 --> 00:14:52,520
So the real principle is not use fewer subscriptions.

389
00:14:52,520 --> 00:14:56,280
The principle is, a subscription should not exist without declared intent.

390
00:14:56,280 --> 00:14:58,680
That means subscription creation is not a convenience.

391
00:14:58,680 --> 00:14:59,720
It's a governance event.

392
00:14:59,720 --> 00:15:02,280
It is the moment you decide who owns this,

393
00:15:02,280 --> 00:15:04,840
what it can spend, what it is allowed to deploy,

394
00:15:04,840 --> 00:15:06,440
and what happens when it deviates.

395
00:15:06,440 --> 00:15:07,880
Call it a vending model if you want.

396
00:15:07,880 --> 00:15:08,840
The name doesn't matter.

397
00:15:08,840 --> 00:15:10,280
The enforcement does.

398
00:15:10,280 --> 00:15:13,160
Before a subscription is issued, four things must be true.

399
00:15:13,160 --> 00:15:15,160
First, there is an accountable owner.

400
00:15:15,160 --> 00:15:18,760
A human name, not platform team, not a distribution list,

401
00:15:18,760 --> 00:15:21,800
a role with escalation responsibility when budgets fire.

402
00:15:21,800 --> 00:15:24,120
Second, there is a budget with early thresholds,

403
00:15:24,120 --> 00:15:27,640
not 90% at month and early, 50% and 75%

404
00:15:27,640 --> 00:15:29,880
are governance interrupts, not failure notices.

405
00:15:29,880 --> 00:15:33,080
Third, there are allowed skews and regions aligned to purpose.

406
00:15:33,080 --> 00:15:34,040
Dev is not prod.

407
00:15:34,040 --> 00:15:36,440
Non-prod doesn't get premium defaults just in case.

408
00:15:36,440 --> 00:15:40,200
Regions are constrained because global sprawl is both expensive

409
00:15:40,200 --> 00:15:41,400
and operationally chaotic.

410
00:15:41,400 --> 00:15:44,680
Fourth, there is an escalation workflow that actually roots.

411
00:15:45,160 --> 00:15:48,120
If a budget triggers, it creates a ticket, it pages the owner,

412
00:15:48,120 --> 00:15:49,400
it hits the right channel.

413
00:15:49,400 --> 00:15:51,240
Something happens that forces a decision.

414
00:15:51,240 --> 00:15:52,280
This is the point.

415
00:15:52,280 --> 00:15:55,000
Subscriptions turn cost governance from a vague aspiration

416
00:15:55,000 --> 00:15:56,600
into an enforceable boundary.

417
00:15:56,600 --> 00:16:00,200
When you do this, sprawl collapses into an intentional structure.

418
00:16:00,200 --> 00:16:02,920
And that structure is the only thing that lets you scale

419
00:16:02,920 --> 00:16:05,800
Azure without scaling financial chaos,

420
00:16:05,800 --> 00:16:07,400
which brings up the first scenario,

421
00:16:07,400 --> 00:16:09,400
what happens when you don't do any of this.

422
00:16:09,400 --> 00:16:12,200
Scenario one, subscription sprawl with no ownership.

423
00:16:12,200 --> 00:16:14,760
Here's what subscriptions sprawl looks like in a real enterprise,

424
00:16:14,760 --> 00:16:16,920
not the PowerPoint version, the lived version.

425
00:16:16,920 --> 00:16:21,240
There are dozens of subscriptions because every project needed just one more.

426
00:16:21,240 --> 00:16:25,240
Some were created by Central IT, some by App Teams, some by an MSP,

427
00:16:25,240 --> 00:16:26,920
some by whoever still had the rights.

428
00:16:26,920 --> 00:16:29,160
A few are tied to products, many aren't,

429
00:16:29,160 --> 00:16:32,200
and the ones that aren't become the perfect hiding place for spend,

430
00:16:32,200 --> 00:16:34,920
because ambiguity is a financial shelter.

431
00:16:34,920 --> 00:16:38,520
In the before posture, budgets are either missing or decorative.

432
00:16:38,520 --> 00:16:41,960
Cost management exists, sure, but nobody owns the interpretation.

433
00:16:41,960 --> 00:16:44,040
Tags might exist, but they aren't enforced,

434
00:16:44,040 --> 00:16:48,280
and the billing views are full of resources with blank owners or TBD cost centers.

435
00:16:48,280 --> 00:16:52,040
There's usually at least one shared subscription called something like platform,

436
00:16:52,040 --> 00:16:53,880
connectivity or hub.

437
00:16:53,880 --> 00:16:56,280
And it contains everything expensive and unglomerates,

438
00:16:56,280 --> 00:17:00,120
firewalls, VPN gateways, private endpoints,

439
00:17:00,120 --> 00:17:04,120
log-in-gestion, cross-region replication, security tooling,

440
00:17:04,120 --> 00:17:06,360
the stuff that always grows and nobody wants to explain.

441
00:17:06,360 --> 00:17:07,880
And here's the operational pattern.

442
00:17:07,880 --> 00:17:10,120
Anomalies are discovered at invoice time.

443
00:17:10,120 --> 00:17:14,040
Finance sees a spike. It escalates to IT, 84 words it to the cloud team.

444
00:17:14,040 --> 00:17:17,000
The cloud team opens cost analysis and starts doing archaeology,

445
00:17:17,000 --> 00:17:19,400
who created the resources? Why are they still running?

446
00:17:19,400 --> 00:17:20,920
Which subscription is this even in?

447
00:17:20,920 --> 00:17:22,520
Is this production? Is this a POC?

448
00:17:22,520 --> 00:17:23,560
Is it safe to delete?

449
00:17:23,560 --> 00:17:25,320
The answer is usually nobody knows,

450
00:17:25,320 --> 00:17:26,920
not because the logs are missing,

451
00:17:26,920 --> 00:17:30,040
because ownership was never declared in a way the platform could enforce.

452
00:17:30,040 --> 00:17:33,560
So the system is full of spend that is technically attributable,

453
00:17:33,560 --> 00:17:35,160
but practically unowned.

454
00:17:35,160 --> 00:17:36,360
That's the pathology.

455
00:17:36,360 --> 00:17:38,120
The organization can see cost,

456
00:17:38,120 --> 00:17:41,000
but cannot assign responsibility fast enough to intervene.

457
00:17:41,000 --> 00:17:42,680
So every month becomes the same ritual.

458
00:17:42,680 --> 00:17:45,720
Finance wants a name, engineering wants proof it's safe to change,

459
00:17:45,720 --> 00:17:49,240
the platform team wants to avoid breaking workloads it doesn't own.

460
00:17:49,240 --> 00:17:51,080
And leadership wants the bill to stop growing

461
00:17:51,080 --> 00:17:53,480
without having to learn what a private endpoint is.

462
00:17:53,480 --> 00:17:56,280
Over time, the enterprise adapts in the worst possible way.

463
00:17:56,280 --> 00:17:57,720
It normalizes the unknown.

464
00:17:57,720 --> 00:17:59,320
Cloud is just expensive.

465
00:17:59,320 --> 00:18:00,680
It's probably AI.

466
00:18:00,680 --> 00:18:02,280
It's probably security logging.

467
00:18:02,280 --> 00:18:03,800
It's probably the migration.

468
00:18:03,800 --> 00:18:07,240
The bill becomes weather, unpleasant, inevitable, and nobody's fault.

469
00:18:07,880 --> 00:18:10,280
Now the after-poster is not a dashboard upgrade.

470
00:18:10,280 --> 00:18:13,400
It's a subscription-vending model with enforced preconditions.

471
00:18:13,400 --> 00:18:16,360
A subscription cannot be created until it declares intent

472
00:18:16,360 --> 00:18:18,120
in a machine readable way.

473
00:18:18,120 --> 00:18:18,920
Who owns it?

474
00:18:18,920 --> 00:18:20,120
What budget it has?

475
00:18:20,120 --> 00:18:21,640
What environment it is?

476
00:18:21,640 --> 00:18:23,240
What it is allowed to deploy?

477
00:18:23,240 --> 00:18:25,000
And how escalation works?

478
00:18:25,000 --> 00:18:26,440
Ownership is not a wiki page.

479
00:18:26,440 --> 00:18:28,920
It's metadata tied to the subscription itself

480
00:18:28,920 --> 00:18:31,640
and referenced by policy, budget actions, and routing.

481
00:18:31,640 --> 00:18:34,360
This is where budget thresholds stop being polite notifications

482
00:18:34,360 --> 00:18:36,040
and start being governance interrupts.

483
00:18:36,040 --> 00:18:38,360
A budget at 50% isn't your failing.

484
00:18:38,360 --> 00:18:40,760
It's you are deviating from expected behavior early enough

485
00:18:40,760 --> 00:18:42,280
to still have options.

486
00:18:42,280 --> 00:18:45,720
At 75% it escalates harder, not by spamming more people.

487
00:18:45,720 --> 00:18:49,080
By triggering the next step in the enterprise workflow,

488
00:18:49,080 --> 00:18:51,240
a ticket, a routing rule,

489
00:18:51,240 --> 00:18:54,280
an accountable owner who has to either justify the spend,

490
00:18:54,280 --> 00:18:57,320
fix the drift, or request an exception with an expiry.

491
00:18:57,320 --> 00:19:00,360
And yes, this is where the platform team will complain about friction.

492
00:19:00,360 --> 00:19:02,440
Good, friction is how the system signals

493
00:19:02,440 --> 00:19:03,880
that a decision is happening.

494
00:19:03,880 --> 00:19:05,480
The goal isn't to prevent spending.

495
00:19:05,480 --> 00:19:07,480
The goal is to prevent unreviewed spending.

496
00:19:07,480 --> 00:19:10,680
A subscription-vending model makes spend a conscious act again.

497
00:19:10,680 --> 00:19:13,880
Because it forces the enterprise to answer the questions it avoided,

498
00:19:13,880 --> 00:19:17,080
who owns this, what is it for, and what happens when it grows.

499
00:19:17,080 --> 00:19:18,680
You also get a second order effect

500
00:19:18,680 --> 00:19:20,920
that matters more than savings.

501
00:19:20,920 --> 00:19:23,880
Subscriptions sprawl collapses into a comprehensible structure.

502
00:19:23,880 --> 00:19:26,440
If every subscription has a named owner, a budget,

503
00:19:26,440 --> 00:19:28,360
and policy constraints align to purpose

504
00:19:28,360 --> 00:19:31,080
then when an anomaly happens, the investigation path is short.

505
00:19:31,080 --> 00:19:32,680
It becomes days, not months.

506
00:19:32,680 --> 00:19:35,240
And the organization stops paying for unknown spend,

507
00:19:35,240 --> 00:19:36,840
simply because it cannot allocate it.

508
00:19:36,840 --> 00:19:39,720
One caveat, don't pretend you can safely invent numbers here.

509
00:19:39,720 --> 00:19:43,320
The measurable outcome isn't we save 37%.

510
00:19:43,320 --> 00:19:46,200
The measurable outcome is reduction of unknown spend categories,

511
00:19:46,200 --> 00:19:47,800
faster anomaly detection cycles,

512
00:19:47,800 --> 00:19:50,440
and fewer often subscriptions that nobody can defend.

513
00:19:50,440 --> 00:19:52,440
And now the important transition,

514
00:19:52,440 --> 00:19:54,680
ownership alone doesn't solve allocation.

515
00:19:54,680 --> 00:19:57,080
If costs can't be attributed inside the subscription,

516
00:19:57,080 --> 00:19:59,160
down to product, environment, and life cycle,

517
00:19:59,160 --> 00:20:01,240
then subscription ownership becomes a blunt instrument.

518
00:20:01,240 --> 00:20:04,280
You end up with one owner holding a bag of costs they can't explain,

519
00:20:04,280 --> 00:20:06,040
which is where the next slide shows up.

520
00:20:06,040 --> 00:20:09,240
Tagging, tagging fails because it's treated as etiquette.

521
00:20:09,240 --> 00:20:12,040
Tagging is where most phenops programs go to die

522
00:20:12,040 --> 00:20:14,680
because enterprises treat it like manners.

523
00:20:14,680 --> 00:20:16,440
Please tag your resources.

524
00:20:16,440 --> 00:20:18,440
Here's the tagging standard.

525
00:20:18,440 --> 00:20:20,680
Don't forget your cost center.

526
00:20:20,680 --> 00:20:22,360
That language reveals the real posture.

527
00:20:22,360 --> 00:20:24,280
They're asking for compliance the way you ask people

528
00:20:24,280 --> 00:20:25,480
to rinse their dishes.

529
00:20:25,480 --> 00:20:27,880
And then they act surprised when the sink fills up.

530
00:20:27,880 --> 00:20:29,240
Tagging is not etiquette.

531
00:20:29,240 --> 00:20:31,160
Tagging is financial identity.

532
00:20:31,160 --> 00:20:33,720
If a resource doesn't carry ownership metadata,

533
00:20:33,720 --> 00:20:35,880
then it is not a resource in a managed system.

534
00:20:35,880 --> 00:20:38,120
It's a liability with an invoice attached.

535
00:20:38,120 --> 00:20:39,640
And if allocation depends on tags,

536
00:20:39,640 --> 00:20:42,280
then the platform must refuse to create resources without them.

537
00:20:42,280 --> 00:20:43,960
Humans will not do this consistently.

538
00:20:43,960 --> 00:20:44,760
They are busy.

539
00:20:44,760 --> 00:20:46,040
They are optimizing for delivery.

540
00:20:46,040 --> 00:20:47,080
They will forget.

541
00:20:47,080 --> 00:20:49,160
They will type, prod in one place,

542
00:20:49,160 --> 00:20:50,360
and prod in another.

543
00:20:50,360 --> 00:20:52,440
And Azure will treat those values as different

544
00:20:52,440 --> 00:20:55,080
because tag values are case sensitive.

545
00:20:55,080 --> 00:20:57,480
So you don't get slightly imperfect tagging.

546
00:20:57,480 --> 00:20:59,080
You get allocation collapse.

547
00:20:59,080 --> 00:21:01,560
This is what the failure actually looks like in an enterprise.

548
00:21:01,560 --> 00:21:03,400
Half the estate has tags, half doesn't.

549
00:21:03,880 --> 00:21:06,680
The tag half uses inconsistent keys and values.

550
00:21:06,680 --> 00:21:09,400
Cost center, cost center, cost center.

551
00:21:09,400 --> 00:21:12,520
Owner tags contain emails that belong to people who left.

552
00:21:12,520 --> 00:21:15,800
Environment tags say production, prod, PRD, and yes.

553
00:21:15,800 --> 00:21:17,800
Some teams tag at the resource group,

554
00:21:17,800 --> 00:21:19,240
some tag at the resource,

555
00:21:19,240 --> 00:21:22,200
some rely on terraform modules that never got updated,

556
00:21:22,200 --> 00:21:24,840
some deploy through the portal and don't see the field at all

557
00:21:24,840 --> 00:21:25,800
or they do,

558
00:21:25,800 --> 00:21:28,040
and they skip it because nothing stops them.

559
00:21:28,040 --> 00:21:30,360
Then finance shows up and asks for show back.

560
00:21:30,360 --> 00:21:34,680
Engineering says sure and produces a report that is 40% unallocated.

561
00:21:34,680 --> 00:21:36,760
The conversation immediately turns political,

562
00:21:36,760 --> 00:21:37,960
not because people are emotional

563
00:21:37,960 --> 00:21:40,120
but because the data is unusable.

564
00:21:40,120 --> 00:21:42,520
Every charge back discussion becomes an argument

565
00:21:42,520 --> 00:21:44,680
about whether the allocation rules are fair

566
00:21:44,680 --> 00:21:47,320
because the tags aren't reliable enough to be treated as truth.

567
00:21:47,320 --> 00:21:49,800
Then this is where cost entropy hides again.

568
00:21:49,800 --> 00:21:51,640
In the fear of deletion,

569
00:21:51,640 --> 00:21:54,760
when a resource is untagged, nobody can confidently delete it

570
00:21:54,760 --> 00:21:56,440
because nobody can prove ownership.

571
00:21:56,440 --> 00:21:58,440
So the safest move is to keep paying.

572
00:21:58,440 --> 00:22:01,160
Untagged resources become financial fossils,

573
00:22:01,160 --> 00:22:04,920
expensive, old, and politically protected by ambiguity.

574
00:22:04,920 --> 00:22:06,200
The hard rule is simple.

575
00:22:06,200 --> 00:22:08,120
If you require a tag for allocation,

576
00:22:08,120 --> 00:22:09,960
then you require it for deployment.

577
00:22:09,960 --> 00:22:12,200
That means the platform refuses to create resources

578
00:22:12,200 --> 00:22:14,760
that don't carry the minimum financial identity,

579
00:22:14,760 --> 00:22:18,600
owner, environment, and a product or cost center dimension.

580
00:22:18,600 --> 00:22:20,520
Not because those tags are magical,

581
00:22:20,520 --> 00:22:22,120
but because without them,

582
00:22:22,120 --> 00:22:24,600
the organization cannot route accountability

583
00:22:24,600 --> 00:22:28,120
and without routing, budgets and alerts become noise again.

584
00:22:28,120 --> 00:22:30,680
Azure gives you the enforcement mechanisms to do this

585
00:22:30,680 --> 00:22:32,200
and most enterprises still don't

586
00:22:32,200 --> 00:22:35,320
because they confuse being strict with being hostile.

587
00:22:35,320 --> 00:22:36,600
Here's what most people miss.

588
00:22:36,600 --> 00:22:38,600
Enforcement doesn't have to be punitive.

589
00:22:38,600 --> 00:22:39,960
It has to be deterministic.

590
00:22:39,960 --> 00:22:42,360
Use Azure policy, use deny where you must.

591
00:22:42,360 --> 00:22:44,280
Use modify where you can do it safely.

592
00:22:44,280 --> 00:22:46,600
Modify policies can auto-add baseline tags

593
00:22:46,600 --> 00:22:49,640
when they're missing or inherit tags from the resource group.

594
00:22:49,640 --> 00:22:54,200
That's a useful pattern when you can rely on a well-constructed resource group boundary

595
00:22:54,200 --> 00:22:56,760
but you can't treat inheritance as a substitute for governance.

596
00:22:56,760 --> 00:22:59,240
If teams can create arbitrary resource groups,

597
00:22:59,240 --> 00:23:02,200
then inheritance just moves the problem one layer down,

598
00:23:02,200 --> 00:23:03,720
so the correct posture is layered.

599
00:23:03,720 --> 00:23:08,280
Subscription-level tags establish ownership and budget responsibility.

600
00:23:08,280 --> 00:23:11,960
Resource group tags establish workload grouping and life cycle intent,

601
00:23:11,960 --> 00:23:15,240
resource tags handle exceptions and resource specific dimensions.

602
00:23:15,240 --> 00:23:16,680
And yes, you will need a taxonomy,

603
00:23:16,680 --> 00:23:19,720
but keep it small, six to eight tags that actually matter.

604
00:23:19,720 --> 00:23:22,120
Every extra tag is another chance for entropy.

605
00:23:22,120 --> 00:23:25,080
There's another uncomfortable truth hiding and tagging people lie

606
00:23:25,080 --> 00:23:26,440
when tags are optional.

607
00:23:26,440 --> 00:23:28,040
Not maliciously, operationally.

608
00:23:28,040 --> 00:23:30,600
If someone is blocked by a tag policy

609
00:23:30,600 --> 00:23:31,960
and they don't know the right value,

610
00:23:31,960 --> 00:23:33,960
they will pick something to get unblocked.

611
00:23:33,960 --> 00:23:36,040
That's why controlled vocabulary is matter.

612
00:23:36,040 --> 00:23:39,800
That's why free-text-owner tags turn into unknown and TBD and later.

613
00:23:39,800 --> 00:23:41,160
So if you want tagging to work,

614
00:23:41,160 --> 00:23:42,760
you don't just enforce presence.

615
00:23:42,760 --> 00:23:44,920
You enforce meaning, allowed values,

616
00:23:44,920 --> 00:23:47,480
normalized casing, clear ownership mapping,

617
00:23:47,480 --> 00:23:50,760
a real taxonomy tied to the org structure you actually operate,

618
00:23:50,760 --> 00:23:52,440
not the one in your HR system.

619
00:23:52,440 --> 00:23:53,320
And once you do that,

620
00:23:53,320 --> 00:23:55,640
once the platform refuses untag deployments,

621
00:23:55,640 --> 00:23:58,040
the entire FinOps conversation changes.

622
00:23:58,040 --> 00:24:00,440
Cost allocation stops being a quarterly negotiation.

623
00:24:00,440 --> 00:24:02,440
It becomes a boring mechanical process,

624
00:24:02,440 --> 00:24:03,640
which is exactly what you want,

625
00:24:03,640 --> 00:24:05,880
because boring means deterministic.

626
00:24:05,880 --> 00:24:07,960
Now to make this concrete,

627
00:24:07,960 --> 00:24:10,120
the next scenario is where tagging failure

628
00:24:10,120 --> 00:24:12,120
becomes financial archaeology,

629
00:24:12,120 --> 00:24:14,360
untagged resources, no ownership,

630
00:24:14,360 --> 00:24:16,600
and weeks of arguing about who pays.

631
00:24:16,600 --> 00:24:20,280
Scenario two, untagged resources and financial archaeology.

632
00:24:20,280 --> 00:24:22,600
Here's the scenario every enterprise recognizes,

633
00:24:22,600 --> 00:24:24,120
even if they pretend they don't.

634
00:24:24,120 --> 00:24:25,240
The cost spike shows up.

635
00:24:25,240 --> 00:24:26,840
Someone opens cost analysis.

636
00:24:26,840 --> 00:24:29,000
The top line item isn't a clear application name.

637
00:24:29,000 --> 00:24:31,160
It's a storage account with a random suffix,

638
00:24:31,160 --> 00:24:32,680
or a log analytics workspace,

639
00:24:32,680 --> 00:24:35,080
or a database server named like a developer sneezed

640
00:24:35,080 --> 00:24:36,040
on the keyboard,

641
00:24:36,040 --> 00:24:37,320
and the tags are empty.

642
00:24:37,320 --> 00:24:39,880
In the before posture, tagging was recommended,

643
00:24:39,880 --> 00:24:41,960
which means it was ignored whenever delivery pressure

644
00:24:41,960 --> 00:24:43,560
was higher than etiquette.

645
00:24:43,560 --> 00:24:45,240
Finance can't allocate the cost.

646
00:24:45,240 --> 00:24:47,320
Engineering can't tell who owns the resource.

647
00:24:47,320 --> 00:24:49,160
The platform team can't safely delete it.

648
00:24:49,160 --> 00:24:52,760
So everyone does the only thing the enterprise teaches them to do.

649
00:24:52,760 --> 00:24:54,040
They investigate slowly,

650
00:24:54,040 --> 00:24:55,000
and they keep paying.

651
00:24:55,000 --> 00:24:57,560
This is what financial archaeology looks like in practice.

652
00:24:57,560 --> 00:25:01,160
First, someone tries to infer ownership from the resource name

653
00:25:01,160 --> 00:25:03,640
that fails because naming standards are aspirational

654
00:25:03,640 --> 00:25:05,000
and time erodes them.

655
00:25:05,000 --> 00:25:07,880
Then they search activity logs for who created it.

656
00:25:07,880 --> 00:25:09,000
That fails in two common ways.

657
00:25:09,000 --> 00:25:10,600
The identity is a service principle shared

658
00:25:10,600 --> 00:25:11,800
by multiple pipelines,

659
00:25:11,800 --> 00:25:13,080
or the creator left the company.

660
00:25:13,080 --> 00:25:14,360
Then they look for connections,

661
00:25:14,360 --> 00:25:16,440
peering private endpoint diagnostic settings,

662
00:25:16,440 --> 00:25:18,520
linked workspaces to determine impact.

663
00:25:18,520 --> 00:25:19,720
That becomes a graph problem,

664
00:25:19,720 --> 00:25:21,960
and graph problems don't finish in a meeting.

665
00:25:21,960 --> 00:25:24,360
So the resource survives, the cost continues.

666
00:25:24,360 --> 00:25:26,760
And a week later you have a second untanked resource

667
00:25:26,760 --> 00:25:28,200
because the system learned nothing.

668
00:25:28,200 --> 00:25:29,480
Here's the key insight.

669
00:25:29,480 --> 00:25:31,960
Untanked resources don't just prevent allocation.

670
00:25:31,960 --> 00:25:33,640
They prevent intervention.

671
00:25:33,640 --> 00:25:37,400
Because deletion in an enterprise is a political act disguised as a technical act.

672
00:25:37,400 --> 00:25:39,480
If you can't name the owner, you can't escalate.

673
00:25:39,480 --> 00:25:41,400
If you can't escalate, you can't get approval.

674
00:25:41,400 --> 00:25:43,320
If you can't get approval, you don't delete.

675
00:25:43,320 --> 00:25:45,640
The resource becomes too risky to touch,

676
00:25:45,640 --> 00:25:47,720
which is the most expensive category in Azure.

677
00:25:47,720 --> 00:25:51,560
Now the after-poster is not, we reminded people harder.

678
00:25:51,560 --> 00:25:54,280
It's enforced tagging as a deployment precondition.

679
00:25:54,280 --> 00:25:57,160
In production, the platform denies resource creation

680
00:25:57,160 --> 00:25:59,400
when the minimum financial identity is missing.

681
00:25:59,400 --> 00:26:01,640
Not later, not in a monthly report.

682
00:26:01,640 --> 00:26:03,400
At the moment of creation, that sounds harsh

683
00:26:03,400 --> 00:26:05,320
until you realize what it actually does.

684
00:26:05,320 --> 00:26:07,640
It forces the ownership conversation to happen

685
00:26:07,640 --> 00:26:09,240
while change is still cheap.

686
00:26:09,240 --> 00:26:11,240
When the engineer is still at their keyboard.

687
00:26:11,240 --> 00:26:13,240
When the pipeline can still fail fast.

688
00:26:13,240 --> 00:26:16,200
When the workload is still a proposal, not a dependency.

689
00:26:16,200 --> 00:26:18,600
And yes, you will use two different policy effects

690
00:26:18,600 --> 00:26:20,520
depending on what you're protecting.

691
00:26:20,520 --> 00:26:23,320
For baseline tags that are safe to apply universally,

692
00:26:23,320 --> 00:26:25,560
you use modify to add or normalize.

693
00:26:25,560 --> 00:26:28,440
A common pattern is to inherit owner and cost center

694
00:26:28,440 --> 00:26:30,280
from the subscription or resource group

695
00:26:30,280 --> 00:26:32,120
where that identity is already declared.

696
00:26:32,120 --> 00:26:34,120
That's how you avoid making every engineer type

697
00:26:34,120 --> 00:26:36,280
the same metadata 400 times.

698
00:26:36,280 --> 00:26:37,560
But for production workloads,

699
00:26:37,560 --> 00:26:40,280
you also use deny for missing or invalid tags.

700
00:26:40,280 --> 00:26:42,360
Because allocation that depends on best effort

701
00:26:42,360 --> 00:26:44,920
is just a slower version of untagged chaos.

702
00:26:44,920 --> 00:26:46,520
This is where value standards matter.

703
00:26:46,520 --> 00:26:50,360
If the tag key exists, but the value is TBD, nothing improved.

704
00:26:50,360 --> 00:26:52,680
So you constrain values, controlled casing,

705
00:26:52,680 --> 00:26:55,240
allowed environments, approved cost centers,

706
00:26:55,240 --> 00:26:57,240
known owner formats, it's not bureaucracy,

707
00:26:57,240 --> 00:26:59,560
it's how you keep allocation deterministic.

708
00:26:59,560 --> 00:27:01,560
Now the architecture move that makes this stick

709
00:27:01,560 --> 00:27:04,120
is to normalize tags to ownership boundaries.

710
00:27:04,120 --> 00:27:05,960
The subscription holds accountable ownership

711
00:27:05,960 --> 00:27:07,720
and budget responsibility.

712
00:27:07,720 --> 00:27:09,720
The resource group holds workload grouping

713
00:27:09,720 --> 00:27:11,080
and life cycle intent.

714
00:27:11,080 --> 00:27:13,640
Individual resources only carry special cases

715
00:27:13,640 --> 00:27:15,400
because special cases multiply.

716
00:27:15,400 --> 00:27:19,000
If you don't build that hierarchy, tags become another entropy generator,

717
00:27:19,000 --> 00:27:22,280
endlessly debated, inconsistently applied, and never trusted.

718
00:27:22,280 --> 00:27:25,480
With enforcement in place, the operational behavior changes immediately.

719
00:27:25,480 --> 00:27:27,640
Engineering stops treating tags like paperwork

720
00:27:27,640 --> 00:27:30,840
because the platform refuses to deploy without them.

721
00:27:30,840 --> 00:27:33,640
Finance stops treating allocation like a quarterly negotiation

722
00:27:33,640 --> 00:27:35,160
because the data is complete.

723
00:27:35,160 --> 00:27:38,360
And leadership stops hearing we can't tell as an excuse

724
00:27:38,360 --> 00:27:41,640
because the system no longer allows we can't tell resources

725
00:27:41,640 --> 00:27:43,240
to exist in the first place.

726
00:27:43,240 --> 00:27:45,400
The measurable outcome isn't a fantasy percentage,

727
00:27:45,400 --> 00:27:47,160
it's something you can actually verify.

728
00:27:47,160 --> 00:27:49,480
The unallocated bucket shrinks towards zero,

729
00:27:49,480 --> 00:27:50,680
not because people got better

730
00:27:50,680 --> 00:27:53,560
because the control plane stopped accepting ambiguity.

731
00:27:53,560 --> 00:27:55,400
And once attribution becomes boring,

732
00:27:55,400 --> 00:27:57,080
showback and chargeback become boring too,

733
00:27:57,080 --> 00:27:58,120
which is the entire point,

734
00:27:58,120 --> 00:28:01,240
you want the cost conversation to be factual, not political.

735
00:28:01,240 --> 00:28:03,240
Now there's a second order consequence

736
00:28:03,240 --> 00:28:05,400
that shows up right after tagging gets enforced.

737
00:28:05,400 --> 00:28:07,400
Once teams can't hide behind ambiguity,

738
00:28:07,400 --> 00:28:09,160
they hide behind safety.

739
00:28:09,160 --> 00:28:11,240
They start over-provisioning by default

740
00:28:11,240 --> 00:28:12,920
because cost is now visible,

741
00:28:12,920 --> 00:28:15,720
but operational risk still hurts more than the bill.

742
00:28:15,720 --> 00:28:17,000
That's the next failure mode,

743
00:28:17,000 --> 00:28:19,560
premium tiers and multi-region by reflex.

744
00:28:19,560 --> 00:28:22,440
Scenario three, pass over-provisioning by default.

745
00:28:22,440 --> 00:28:24,600
Once tagging and ownership become real,

746
00:28:24,600 --> 00:28:26,200
teams lose the ability to hide,

747
00:28:26,200 --> 00:28:27,480
so they switch strategies.

748
00:28:27,480 --> 00:28:29,000
They hide behind safety.

749
00:28:29,000 --> 00:28:31,640
This is where power turns into a quiet budget murderer

750
00:28:31,640 --> 00:28:34,280
because power as defaults are easy to justify

751
00:28:34,280 --> 00:28:35,800
and hard to unwind.

752
00:28:35,800 --> 00:28:37,880
A developer doesn't have to rack servers anymore.

753
00:28:37,880 --> 00:28:39,640
They click a tier, they pick redundancy,

754
00:28:39,640 --> 00:28:41,720
they enable the features that sound responsible

755
00:28:41,720 --> 00:28:44,840
and nobody stops them because the platform treats premium

756
00:28:44,840 --> 00:28:46,600
as just another valid choice.

757
00:28:46,600 --> 00:28:49,320
In the before posture, over-provisioning isn't malicious.

758
00:28:49,320 --> 00:28:52,040
It's rational engineers are accountable for availability.

759
00:28:52,040 --> 00:28:53,640
They get paged for latency,

760
00:28:53,640 --> 00:28:54,920
they get blamed for downtime,

761
00:28:54,920 --> 00:28:57,480
they do not get praised for choosing the cheaper SKU.

762
00:28:57,480 --> 00:28:59,160
So when faced with uncertainty,

763
00:28:59,160 --> 00:29:01,960
they pick the tier that reduces operational risk,

764
00:29:01,960 --> 00:29:04,120
premium database tier just in case.

765
00:29:04,120 --> 00:29:05,800
Multisone, because what if?

766
00:29:05,800 --> 00:29:09,000
Multiregion because the business might need it later.

767
00:29:09,000 --> 00:29:11,400
Diagnostic retention because security might ask,

768
00:29:11,400 --> 00:29:14,200
each of those decisions can be individually defensible.

769
00:29:14,200 --> 00:29:16,200
Collectively, they are financial entropy

770
00:29:16,200 --> 00:29:17,400
and PAS makes it worse

771
00:29:17,400 --> 00:29:19,800
because it's designed to abstract capacity decisions.

772
00:29:19,800 --> 00:29:21,080
That's the selling point.

773
00:29:21,080 --> 00:29:22,760
But abstraction doesn't remove cost.

774
00:29:22,760 --> 00:29:24,680
It removes friction and when you remove friction

775
00:29:24,680 --> 00:29:27,560
in a large organization, consumption expands

776
00:29:27,560 --> 00:29:28,680
until a boundary stops it.

777
00:29:28,680 --> 00:29:30,280
Most enterprises don't build that boundary.

778
00:29:30,280 --> 00:29:32,600
They treat PAS like it's inherently optimized

779
00:29:32,600 --> 00:29:34,680
because Microsoft marketing implies that it is.

780
00:29:34,680 --> 00:29:35,240
It is not.

781
00:29:35,240 --> 00:29:38,040
It is a set of cost curves you must choose deliberately.

782
00:29:38,040 --> 00:29:39,800
So here's the real failure mechanism.

783
00:29:39,800 --> 00:29:42,120
Teams externalize the cost of safety.

784
00:29:42,120 --> 00:29:43,480
They buy safety with your budget

785
00:29:43,480 --> 00:29:44,600
and the platform lets them.

786
00:29:44,600 --> 00:29:46,520
The after-posture isn't telling engineers

787
00:29:46,520 --> 00:29:47,640
to be more careful.

788
00:29:47,640 --> 00:29:49,640
It's forcing the platform to distinguish

789
00:29:49,640 --> 00:29:51,400
between environments and intents.

790
00:29:51,400 --> 00:29:52,280
Dev is not prod.

791
00:29:52,280 --> 00:29:53,240
Test is not prod.

792
00:29:53,240 --> 00:29:55,320
A sandbox is not a customer facing service.

793
00:29:55,320 --> 00:29:57,720
If you allow the same skill catalog everywhere,

794
00:29:57,720 --> 00:30:00,040
you are telling every team in every environment

795
00:30:00,040 --> 00:30:01,800
that the enterprise is comfortable paying

796
00:30:01,800 --> 00:30:03,640
for worst-case assumptions by default.

797
00:30:03,640 --> 00:30:05,480
That is not governance.

798
00:30:05,480 --> 00:30:07,240
That is surrender.

799
00:30:07,240 --> 00:30:09,880
The control is simple and it's always unpopular at first.

800
00:30:09,880 --> 00:30:11,480
Allow the skills per environment.

801
00:30:11,480 --> 00:30:13,720
In non-production, deny premium tiers

802
00:30:13,720 --> 00:30:15,640
unless there is an explicit exception.

803
00:30:15,640 --> 00:30:18,200
In production, don't deny everything.

804
00:30:18,200 --> 00:30:21,080
But constrain the choices to a set you can defend.

805
00:30:21,080 --> 00:30:23,080
Tears that match real SLOs,

806
00:30:23,080 --> 00:30:24,840
actual throughput requirements

807
00:30:24,840 --> 00:30:27,400
and resilience patterns you've agreed to pay for.

808
00:30:27,400 --> 00:30:29,560
This is where Azure Policy stops being compliance

809
00:30:29,560 --> 00:30:31,400
and starts being cost engineering.

810
00:30:31,400 --> 00:30:34,360
You define policy rules that deny specific SKUs

811
00:30:34,360 --> 00:30:37,240
or deny specific features outside approved scopes.

812
00:30:37,240 --> 00:30:38,200
You restrict regions.

813
00:30:38,200 --> 00:30:41,000
You restrict redundancy options where they don't make sense.

814
00:30:41,000 --> 00:30:42,600
You can also enforce patterns.

815
00:30:42,600 --> 00:30:45,080
Prod databases must have backups configured.

816
00:30:45,080 --> 00:30:47,800
But dev databases must not be zone redundant

817
00:30:47,800 --> 00:30:50,680
because zone redundancy in dev is just expensive cosplay.

818
00:30:50,680 --> 00:30:53,080
And yes, someone will argue that policy can't cover

819
00:30:53,080 --> 00:30:54,520
every past configuration perfectly.

820
00:30:54,520 --> 00:30:55,320
That's true.

821
00:30:55,320 --> 00:30:57,080
But the point isn't perfect coverage.

822
00:30:57,080 --> 00:30:59,000
The point is removing default freedom

823
00:30:59,000 --> 00:31:01,560
where default freedom creates default overspend.

824
00:31:01,560 --> 00:31:03,560
Now the weird part, exceptions don't go away.

825
00:31:03,560 --> 00:31:04,520
They never do.

826
00:31:04,520 --> 00:31:06,840
So you treat exceptions as what they are.

827
00:31:06,840 --> 00:31:08,200
Entropy generators.

828
00:31:08,200 --> 00:31:11,160
An exception should be tracked, justified, and time-boxed.

829
00:31:11,160 --> 00:31:13,640
Not because the justification is morally important,

830
00:31:13,640 --> 00:31:15,400
but because time is the only thing

831
00:31:15,400 --> 00:31:17,960
that prevents an exception from becoming the new baseline.

832
00:31:17,960 --> 00:31:20,920
An exception without an expiry is policy rot.

833
00:31:20,920 --> 00:31:23,800
A premium SKU approval that lasts forever is not an approval.

834
00:31:23,800 --> 00:31:25,240
It's a quiet surrender

835
00:31:25,240 --> 00:31:27,800
that the platform will remember longer than your org chart.

836
00:31:27,800 --> 00:31:30,600
So the after-poster includes an exception workflow.

837
00:31:30,600 --> 00:31:34,120
When a team needs a premium tier in a non-prod subscription,

838
00:31:34,120 --> 00:31:34,920
they request it.

839
00:31:34,920 --> 00:31:37,240
They state why they pick an expiry date.

840
00:31:37,240 --> 00:31:39,800
The platform team grants an exemption at the policy layer

841
00:31:39,800 --> 00:31:42,600
not by giving someone owner and hoping they behave.

842
00:31:42,600 --> 00:31:45,000
Then the exemption expires automatically

843
00:31:45,000 --> 00:31:47,160
and the team has to renew it with intent

844
00:31:47,160 --> 00:31:48,680
or fall back to the baseline.

845
00:31:48,680 --> 00:31:50,440
That's how you stop premium sprawl

846
00:31:50,440 --> 00:31:52,200
from becoming permanent architecture.

847
00:31:52,200 --> 00:31:53,880
The outcome isn't just cost reduction.

848
00:31:53,880 --> 00:31:55,480
It's fewer emergency rollbacks.

849
00:31:55,480 --> 00:31:58,200
Because the enterprise stops discovering cost explosions

850
00:31:58,200 --> 00:31:59,000
after they happen.

851
00:31:59,000 --> 00:32:00,520
It discovers them at deploy time.

852
00:32:00,520 --> 00:32:01,640
The pipeline fails.

853
00:32:01,640 --> 00:32:03,160
The team sees the denial.

854
00:32:03,160 --> 00:32:05,080
They either adjust to the approved tier

855
00:32:05,080 --> 00:32:06,760
or escalate with a conscious decision.

856
00:32:06,760 --> 00:32:10,280
That is a healthier failure mode than an invoice time surprise.

857
00:32:10,280 --> 00:32:12,040
And it has a second order benefit.

858
00:32:12,040 --> 00:32:13,960
The team starts designing for efficiency

859
00:32:13,960 --> 00:32:15,880
because the platform forces them too.

860
00:32:15,880 --> 00:32:19,000
If premium is harder to get, engineers invest in better indexing,

861
00:32:19,000 --> 00:32:20,680
better caching, better query patterns,

862
00:32:20,680 --> 00:32:21,960
better scaling strategies.

863
00:32:21,960 --> 00:32:23,400
Not because they became saints,

864
00:32:23,400 --> 00:32:25,800
because the control plane changed the incentives.

865
00:32:25,800 --> 00:32:27,640
Now there's one more place where this pattern

866
00:32:27,640 --> 00:32:29,960
becomes pathological non-production.

867
00:32:29,960 --> 00:32:32,360
Because non-prod is where teams feel the least financial pain

868
00:32:32,360 --> 00:32:34,520
so it becomes the landfill for over-provisioning,

869
00:32:34,520 --> 00:32:36,840
abandoned experiments and temporary environments

870
00:32:36,840 --> 00:32:37,560
that never die.

871
00:32:37,560 --> 00:32:38,280
That's next.

872
00:32:38,280 --> 00:32:39,240
scenario 4.

873
00:32:39,240 --> 00:32:41,160
Unbounded non-production spend.

874
00:32:41,160 --> 00:32:44,040
Non-production is where Azure budgets go to be embarrassed.

875
00:32:44,040 --> 00:32:45,240
In the before posture,

876
00:32:45,240 --> 00:32:47,800
Devin test are treated like free real estate.

877
00:32:47,800 --> 00:32:49,080
It's not prod,

878
00:32:49,080 --> 00:32:51,080
so nobody bothers with budgets.

879
00:32:51,080 --> 00:32:52,280
Nobody sets thresholds.

880
00:32:52,280 --> 00:32:54,520
Nobody defines what done means for an environment.

881
00:32:54,520 --> 00:32:57,480
And because nobody gets paged when dev costs spike,

882
00:32:57,480 --> 00:32:59,400
the platform quietly turns non-prod

883
00:32:59,400 --> 00:33:02,760
into the largest, least defended surface area of recurring spend.

884
00:33:02,760 --> 00:33:04,440
The failure pattern is always the same.

885
00:33:04,440 --> 00:33:06,920
A team spins up a full stack environment for a sprint.

886
00:33:06,920 --> 00:33:08,360
It was supposed to be temporary.

887
00:33:08,360 --> 00:33:09,080
It isn't.

888
00:33:09,080 --> 00:33:10,920
Another team creates a parallel environment

889
00:33:10,920 --> 00:33:12,600
because the first one is messy

890
00:33:12,600 --> 00:33:14,040
and they don't want to touch it.

891
00:33:14,040 --> 00:33:17,000
Someone enables extra diagnostics just for troubleshooting

892
00:33:17,000 --> 00:33:18,280
and never turns it off.

893
00:33:18,280 --> 00:33:19,960
An internal demo needs more capacity

894
00:33:19,960 --> 00:33:22,520
so the tier gets bumped up and never comes back down.

895
00:33:22,520 --> 00:33:24,360
Then a few of these environments get connected

896
00:33:24,360 --> 00:33:25,720
to shared services,

897
00:33:25,720 --> 00:33:26,920
log ingestion,

898
00:33:26,920 --> 00:33:28,520
private endpoints, hubs,

899
00:33:28,520 --> 00:33:31,080
and now even deleting the compute doesn't stop the bill

900
00:33:31,080 --> 00:33:33,000
because the dependencies keep running.

901
00:33:33,000 --> 00:33:35,800
And because non-prod is full of experimentation,

902
00:33:35,800 --> 00:33:38,200
nobody wants to be the person who deletes the wrong thing.

903
00:33:38,200 --> 00:33:39,400
So they don't delete anything.

904
00:33:39,400 --> 00:33:41,400
That's why non-prod becomes a cost landfill.

905
00:33:41,400 --> 00:33:43,400
It's the intersection of low accountability,

906
00:33:43,400 --> 00:33:44,520
high-change velocity,

907
00:33:44,520 --> 00:33:46,200
and fear-driven retention.

908
00:33:46,200 --> 00:33:48,760
Those three forces always produce the same outcome.

909
00:33:48,760 --> 00:33:51,320
Resources outlive the work that justified them.

910
00:33:51,320 --> 00:33:54,840
This is also where the enterprise commits its most common cost lie.

911
00:33:54,840 --> 00:33:56,600
It's cheap compared to prod.

912
00:33:56,600 --> 00:33:58,680
That statement is usually true in isolation.

913
00:33:58,680 --> 00:34:00,280
It's just irrelevant.

914
00:34:00,280 --> 00:34:01,880
Non-prod isn't supposed to be cheap.

915
00:34:01,880 --> 00:34:03,320
It's supposed to be bounded.

916
00:34:03,320 --> 00:34:06,120
The point of non-prod is to support delivery

917
00:34:06,120 --> 00:34:07,080
with a known purpose

918
00:34:07,080 --> 00:34:08,920
and a known financial blast radius.

919
00:34:08,920 --> 00:34:11,960
If dev test can run indefinitely at any SKU

920
00:34:11,960 --> 00:34:14,040
with no budget and no life cycle rule,

921
00:34:14,040 --> 00:34:16,200
then it stops being a delivery capability

922
00:34:16,200 --> 00:34:18,760
and becomes a parallel cloud estate with no governance.

923
00:34:18,760 --> 00:34:20,920
In other words, you build a second as your environment

924
00:34:20,920 --> 00:34:21,960
inside your first one.

925
00:34:21,960 --> 00:34:24,120
So the after-poster starts with the most boring

926
00:34:24,120 --> 00:34:25,800
but effective design move.

927
00:34:25,800 --> 00:34:27,560
Separate non-production subscriptions.

928
00:34:27,560 --> 00:34:29,320
Not resource groups, not tags.

929
00:34:29,320 --> 00:34:30,600
Subscriptions.

930
00:34:30,600 --> 00:34:34,040
When non-prod lives inside the same subscription as prod,

931
00:34:34,040 --> 00:34:36,200
it inherits prod-level permissions,

932
00:34:36,200 --> 00:34:39,080
prod-level SKU freedom and prod-level ambiguity.

933
00:34:39,080 --> 00:34:41,720
People will also use prod subscriptions

934
00:34:41,720 --> 00:34:43,720
for non-prod work temporarily

935
00:34:43,720 --> 00:34:44,760
because it's convenient.

936
00:34:44,760 --> 00:34:47,080
Separate subscriptions remove that pathway.

937
00:34:47,080 --> 00:34:48,280
They create a clean boundary

938
00:34:48,280 --> 00:34:51,080
where policies can be strict without breaking production.

939
00:34:51,080 --> 00:34:53,320
And now you do something enterprises almost never do.

940
00:34:53,320 --> 00:34:56,600
You treat non-prod budgets as aggressive by design.

941
00:34:56,600 --> 00:34:58,360
Non-prod budgets are not there to track.

942
00:34:58,360 --> 00:35:00,200
They are there to interrupt behavior early.

943
00:35:00,200 --> 00:35:02,920
50% and 70% thresholds aren't warnings.

944
00:35:02,920 --> 00:35:04,040
They are scheduled friction.

945
00:35:04,040 --> 00:35:06,200
They force someone to explain why dev is burning through.

946
00:35:06,200 --> 00:35:08,520
It's expected envelope halfway through the cycle.

947
00:35:08,520 --> 00:35:10,360
And because it's non-prod, you can actually act.

948
00:35:10,360 --> 00:35:11,320
You can scale down.

949
00:35:11,320 --> 00:35:12,360
You can shut things off.

950
00:35:12,360 --> 00:35:13,480
You can delete environments.

951
00:35:13,480 --> 00:35:14,760
You can deny premium tiers.

952
00:35:14,760 --> 00:35:16,040
You can restrict regions.

953
00:35:16,040 --> 00:35:17,640
You can enforce short-lock retention.

954
00:35:17,640 --> 00:35:19,480
You can stop pretending that a dev environment

955
00:35:19,480 --> 00:35:22,840
needs the same resilience posture as customer facing revenue.

956
00:35:22,840 --> 00:35:25,400
This is where automation stops being optimization

957
00:35:25,400 --> 00:35:27,720
and becomes enforcement amplification.

958
00:35:27,720 --> 00:35:29,160
The default posture in non-prod

959
00:35:29,160 --> 00:35:30,360
should be that things turn off

960
00:35:30,360 --> 00:35:32,120
unless someone actively keeps them on.

961
00:35:32,120 --> 00:35:35,640
Schedules, auto shutdown, life cycle rules, whatever mechanism you use,

962
00:35:35,640 --> 00:35:37,000
the intent is the same.

963
00:35:37,000 --> 00:35:40,760
The platform should require explicit justification for idle runtime

964
00:35:40,760 --> 00:35:42,760
because idle runtime is not innovation.

965
00:35:42,760 --> 00:35:43,560
It's just billing.

966
00:35:43,560 --> 00:35:46,680
Now there's a predictable pushback here.

967
00:35:46,680 --> 00:35:48,600
But developers need flexibility.

968
00:35:48,600 --> 00:35:49,240
Yes, they do.

969
00:35:49,240 --> 00:35:50,920
That's why the goal isn't to ban spend.

970
00:35:50,920 --> 00:35:52,120
It's to encode purposes.

971
00:35:52,120 --> 00:35:55,400
If a team needs a larger environment for performance testing, fine.

972
00:35:55,400 --> 00:35:57,240
But it should happen through an approved path.

973
00:35:57,240 --> 00:35:59,320
Time boxed, budgeted, and visible.

974
00:35:59,320 --> 00:36:01,000
The platform can allow the exception

975
00:36:01,000 --> 00:36:02,760
while keeping the baseline strict.

976
00:36:02,760 --> 00:36:05,560
Without that, flexibility just becomes another word

977
00:36:05,560 --> 00:36:07,080
for architectural erosion.

978
00:36:07,080 --> 00:36:08,760
The outcome is also predictable

979
00:36:08,760 --> 00:36:11,720
and it's measurable without inventing magic savings numbers.

980
00:36:11,720 --> 00:36:14,680
First, you reduce the number of long-lived idle environments

981
00:36:14,680 --> 00:36:16,600
because they get shut down by default.

982
00:36:16,600 --> 00:36:18,760
Second, you surface rogue environments early

983
00:36:18,760 --> 00:36:20,920
because budgets fire when spent deviates

984
00:36:20,920 --> 00:36:23,400
and the deviation can't hide in a shared scope.

985
00:36:23,400 --> 00:36:25,800
Third, you force teams to make conscious choices

986
00:36:25,800 --> 00:36:27,320
about what they're paying for in non-prod

987
00:36:27,320 --> 00:36:28,920
which changes behavior faster

988
00:36:28,920 --> 00:36:31,320
than any cost-awareness campaign ever will.

989
00:36:31,320 --> 00:36:32,680
And here's the real payoff.

990
00:36:32,680 --> 00:36:35,640
The organization stops treating dev tests as a junk draw.

991
00:36:35,640 --> 00:36:38,680
Non-production becomes what it was supposed to be

992
00:36:38,680 --> 00:36:41,240
and intentionally bounded delivery capability.

993
00:36:41,240 --> 00:36:43,240
Not an unbounded parallel cloud estate.

994
00:36:43,240 --> 00:36:45,880
Now, even with clean, non-prod boundaries,

995
00:36:45,880 --> 00:36:47,960
there's still one category of spend

996
00:36:47,960 --> 00:36:51,560
that loves to evade accountability, shared platform services.

997
00:36:51,560 --> 00:36:54,760
Because once you centralize networking, logging, and security,

998
00:36:54,760 --> 00:36:57,160
you've built a cost engine that every team depends on

999
00:36:57,160 --> 00:36:58,280
but few teams can see.

1000
00:36:58,280 --> 00:36:59,560
That's the next failure mode.

1001
00:36:59,560 --> 00:37:03,800
Scenario 5, shared platform services with no cost signal,

1002
00:37:03,800 --> 00:37:07,560
shared platform services are where good intentions go to inflate quietly.

1003
00:37:07,560 --> 00:37:10,360
In the before posture, the organization centralizes

1004
00:37:10,360 --> 00:37:14,200
the expensive fundamentals, hub networking, firewalls,

1005
00:37:14,200 --> 00:37:18,600
private DNS, log analytics, Sentinel, Defender plans,

1006
00:37:18,600 --> 00:37:21,800
central key vault patterns, shared container registries,

1007
00:37:21,800 --> 00:37:25,160
monitoring pipelines, maybe an enterprise API gateway.

1008
00:37:25,160 --> 00:37:27,400
All of it is deployed for everyone,

1009
00:37:27,400 --> 00:37:29,560
which sounds efficient and it can be.

1010
00:37:29,560 --> 00:37:32,760
But the cost signal usually disappears the moment it becomes shared

1011
00:37:32,760 --> 00:37:35,000
because those services are built to somewhere,

1012
00:37:35,000 --> 00:37:36,600
a platform subscription,

1013
00:37:36,600 --> 00:37:39,560
a connectivity subscription, a management subscription,

1014
00:37:39,560 --> 00:37:42,280
a catch all that's treated like a necessary tax.

1015
00:37:42,280 --> 00:37:45,080
The application team's consumer, depend on it,

1016
00:37:45,080 --> 00:37:47,240
and then optimize only their own resource groups

1017
00:37:47,240 --> 00:37:49,560
because that's what they can see and what they're measured on.

1018
00:37:49,560 --> 00:37:53,240
So the platform spend becomes a black hole with a justification attached.

1019
00:37:53,240 --> 00:37:55,400
Here's the operational behavior that follows.

1020
00:37:55,400 --> 00:37:58,680
Logangestion grows because every team enables diagnostics

1021
00:37:58,680 --> 00:38:01,000
at maximum verbosity temporarily,

1022
00:38:01,000 --> 00:38:02,920
and nobody owns the retention curve.

1023
00:38:02,920 --> 00:38:06,600
Network egress grows because architecture sprawl across regions,

1024
00:38:06,600 --> 00:38:09,880
vnet's peer-like IV and traffic routes get fixed

1025
00:38:09,880 --> 00:38:11,640
in ways that are correct for availability

1026
00:38:11,640 --> 00:38:13,400
but catastrophic for cost.

1027
00:38:13,400 --> 00:38:17,640
Security tooling grows because every new capability adds another build meter,

1028
00:38:17,640 --> 00:38:20,600
and the platform team is incentivized to be safer, not cheaper,

1029
00:38:20,600 --> 00:38:22,280
and because it's shared, nobody feels it.

1030
00:38:22,280 --> 00:38:24,120
The app team doesn't feel the firewall build,

1031
00:38:24,120 --> 00:38:27,000
the platform team doesn't feel the app team's birth traffic,

1032
00:38:27,000 --> 00:38:29,720
finance sees a line item labeled platform,

1033
00:38:29,720 --> 00:38:32,440
and gets told, "It's foundational," which is true.

1034
00:38:32,440 --> 00:38:34,760
It's also not an excuse for unbounded growth.

1035
00:38:34,760 --> 00:38:37,400
This is the core governance failure of shared services.

1036
00:38:37,400 --> 00:38:39,400
The enterprise funds a cost engine

1037
00:38:39,400 --> 00:38:42,600
without attaching economic feedback to the consumers of that engine,

1038
00:38:42,600 --> 00:38:45,800
without feedback consumption expands until it hits a crisis.

1039
00:38:45,800 --> 00:38:48,120
Then the crisis is framed as Azure is expensive

1040
00:38:48,120 --> 00:38:51,240
when it's actually shared services are unmetered internally.

1041
00:38:51,240 --> 00:38:55,240
The after-poster is not split everything into separate subscriptions.

1042
00:38:55,240 --> 00:38:56,200
That's not the point.

1043
00:38:56,200 --> 00:38:59,800
The point is to make shared costs legible and attributable

1044
00:38:59,800 --> 00:39:02,520
even when the underlying service must remain centralized.

1045
00:39:02,520 --> 00:39:05,080
So the first step is explicit platform subscriptions

1046
00:39:05,080 --> 00:39:06,840
with explicit accountability,

1047
00:39:06,840 --> 00:39:08,280
not the cloud team owns it,

1048
00:39:08,280 --> 00:39:10,840
a name platform owner, a documented service catalog,

1049
00:39:10,840 --> 00:39:13,320
a declared budget, early thresholds,

1050
00:39:13,320 --> 00:39:15,000
the same governance rules you demanded

1051
00:39:15,000 --> 00:39:16,600
for every workload subscription.

1052
00:39:16,600 --> 00:39:18,360
Because shared services don't get a pass,

1053
00:39:18,360 --> 00:39:21,880
they are the highest risk-spend category in the entire estate.

1054
00:39:21,880 --> 00:39:24,440
Then you add the piece everyone avoids.

1055
00:39:24,440 --> 00:39:27,720
An allocation model, not perfect, not theoretically pure,

1056
00:39:27,720 --> 00:39:30,680
just consistent, defensible, and repeatable.

1057
00:39:30,680 --> 00:39:33,080
Some shared costs can be allocated by usage.

1058
00:39:33,080 --> 00:39:35,480
Log analytics ingestion, sentinel data,

1059
00:39:35,480 --> 00:39:37,800
firewall processing metrics in some cases,

1060
00:39:37,800 --> 00:39:40,040
egressed by workload if you collect flow logs

1061
00:39:40,040 --> 00:39:42,600
and map them back to subscriptions or v-nets.

1062
00:39:42,600 --> 00:39:45,000
If you can measure consumption, allocate by consumption.

1063
00:39:45,000 --> 00:39:47,960
But many shared costs can't be allocated cleanly,

1064
00:39:47,960 --> 00:39:49,720
without building an internal billing system

1065
00:39:49,720 --> 00:39:50,920
that nobody wants.

1066
00:39:50,920 --> 00:39:53,640
So you use proportional allocation where you must.

1067
00:39:53,640 --> 00:39:55,240
Percentage by subscription spend,

1068
00:39:55,240 --> 00:39:58,040
percentage by headcount, percentage by throughput class,

1069
00:39:58,040 --> 00:39:59,560
whatever the business will accept

1070
00:39:59,560 --> 00:40:02,280
is stable enough to create a feedback loop.

1071
00:40:02,280 --> 00:40:04,840
The critical requirement isn't mathematical perfection.

1072
00:40:04,840 --> 00:40:06,520
The requirement is that shared spend

1073
00:40:06,520 --> 00:40:07,880
stops being invisible.

1074
00:40:07,880 --> 00:40:09,480
Because invisibility is what lets it grow

1075
00:40:09,480 --> 00:40:10,440
without design review.

1076
00:40:10,440 --> 00:40:12,280
This is also where showback and chargeback

1077
00:40:12,280 --> 00:40:14,120
stop being philosophical arguments

1078
00:40:14,120 --> 00:40:15,880
and become engineering inputs.

1079
00:40:15,880 --> 00:40:18,280
If an application team sees that their architecture is driving

1080
00:40:18,280 --> 00:40:20,040
a disproportionate share of log ingestion

1081
00:40:20,040 --> 00:40:21,160
or cross-region traffic,

1082
00:40:21,160 --> 00:40:23,240
the next design discussion changes.

1083
00:40:23,240 --> 00:40:25,480
Suddenly retention settings, sampling strategies,

1084
00:40:25,480 --> 00:40:27,320
diagnostics scope, entropology,

1085
00:40:27,320 --> 00:40:29,400
are not abstract platform concerns,

1086
00:40:29,400 --> 00:40:32,040
but their product decisions with financial consequences.

1087
00:40:32,040 --> 00:40:34,440
And yes, some teams will complain that it's unfair.

1088
00:40:34,440 --> 00:40:35,000
Good.

1089
00:40:35,000 --> 00:40:36,680
Fairness complaints are often the first sign

1090
00:40:36,680 --> 00:40:38,520
that cost signals are finally reaching the people

1091
00:40:38,520 --> 00:40:39,640
making the trade-offs.

1092
00:40:39,640 --> 00:40:42,280
Now, here's the part that most enterprises miss.

1093
00:40:42,280 --> 00:40:44,200
Shared platform costs should be discussed

1094
00:40:44,200 --> 00:40:46,120
as architectural constraints, not as builds.

1095
00:40:46,120 --> 00:40:49,400
If you centralize logging, you must also centralize logging policy.

1096
00:40:49,400 --> 00:40:51,800
Retention limits by environment, sampling defaults,

1097
00:40:51,800 --> 00:40:53,800
what debug means in production,

1098
00:40:53,800 --> 00:40:55,560
what data is worth paying to store.

1099
00:40:55,560 --> 00:40:56,920
If you centralize networking,

1100
00:40:56,920 --> 00:40:58,840
you must centralize topology standards,

1101
00:40:58,840 --> 00:41:00,440
where traffic is allowed to flow,

1102
00:41:00,440 --> 00:41:02,440
when cross-region is justified,

1103
00:41:02,440 --> 00:41:04,920
what services are allowed to punch through the hub.

1104
00:41:04,920 --> 00:41:07,720
Otherwise, the platform team becomes the custodian

1105
00:41:07,720 --> 00:41:10,280
of a cost-service area that everyone can expand

1106
00:41:10,280 --> 00:41:11,400
and no one can shrink.

1107
00:41:11,400 --> 00:41:12,920
So the outcome of the after-poster

1108
00:41:12,920 --> 00:41:14,200
is not just predictability,

1109
00:41:14,200 --> 00:41:16,120
it's earlier financial design decisions.

1110
00:41:16,120 --> 00:41:17,720
Platform cost becomes a known,

1111
00:41:17,720 --> 00:41:19,960
modeled component of architecture review.

1112
00:41:19,960 --> 00:41:21,800
It becomes part of landing zone standards,

1113
00:41:21,800 --> 00:41:23,960
it becomes part of exception governance.

1114
00:41:23,960 --> 00:41:25,240
And most importantly,

1115
00:41:25,240 --> 00:41:27,960
it stops being a mystery that shows up as a quarterly surprise.

1116
00:41:27,960 --> 00:41:29,720
Now, once platform costs are legible,

1117
00:41:29,720 --> 00:41:32,040
the enterprise usually makes its next mistake.

1118
00:41:32,040 --> 00:41:34,200
They treat budgets like household trackers.

1119
00:41:34,200 --> 00:41:36,360
That's next, budgets are intense signals,

1120
00:41:36,360 --> 00:41:37,640
not household trackers.

1121
00:41:37,640 --> 00:41:39,160
Budgets are the most misunderstood

1122
00:41:39,160 --> 00:41:40,360
Finops control in Azure,

1123
00:41:40,360 --> 00:41:41,960
and it's predictable why.

1124
00:41:41,960 --> 00:41:44,520
Most organizations use them like a household expense app.

1125
00:41:44,520 --> 00:41:47,080
Set a number, watch it panic when it turns red,

1126
00:41:47,080 --> 00:41:48,600
then do nothing meaningful,

1127
00:41:48,600 --> 00:41:50,440
because the month is basically over.

1128
00:41:50,440 --> 00:41:53,080
That is not what budgets are for in an enterprise cloud.

1129
00:41:53,080 --> 00:41:54,600
A budget is not a spending limit,

1130
00:41:54,600 --> 00:41:56,120
Azure will not stop your workloads,

1131
00:41:56,120 --> 00:41:58,040
Azure will not shut down your platform.

1132
00:41:58,040 --> 00:41:59,240
A budget is a signal.

1133
00:41:59,240 --> 00:42:01,880
It's the platform telling you that actual behavior

1134
00:42:01,880 --> 00:42:05,080
is diverging from declared intent early enough to intervene.

1135
00:42:05,080 --> 00:42:06,120
That distinction matters,

1136
00:42:06,120 --> 00:42:08,280
because budgets only work when they are attached

1137
00:42:08,280 --> 00:42:09,880
to ownership and action.

1138
00:42:09,880 --> 00:42:12,840
If a budget alert lands in a shared mailbox, it is theater.

1139
00:42:12,840 --> 00:42:14,520
If it lands with an accountable owner

1140
00:42:14,520 --> 00:42:16,280
who has both authority and consequence,

1141
00:42:16,280 --> 00:42:17,320
it becomes governance.

1142
00:42:17,320 --> 00:42:19,960
And if it lands early enough that changes are still cheap,

1143
00:42:19,960 --> 00:42:21,560
it becomes an operational interrupt,

1144
00:42:21,560 --> 00:42:23,000
not a finance post-mortem.

1145
00:42:23,000 --> 00:42:24,280
Most enterprises do the opposite.

1146
00:42:24,280 --> 00:42:27,160
They set budgets late, they set them at the wrong scope,

1147
00:42:27,160 --> 00:42:28,680
and they set thresholds that fire

1148
00:42:28,680 --> 00:42:30,600
after the enterprises already burn the money.

1149
00:42:30,600 --> 00:42:32,200
The classic example is a monthly budget

1150
00:42:32,200 --> 00:42:33,800
with a 90% alert.

1151
00:42:33,800 --> 00:42:35,800
That alert triggers when the month is nearly finished,

1152
00:42:35,800 --> 00:42:37,000
the spend has already happened,

1153
00:42:37,000 --> 00:42:39,800
and your options are limited to eat it or break something.

1154
00:42:39,800 --> 00:42:40,760
That's not a control.

1155
00:42:40,760 --> 00:42:43,320
That's a notification that your control model failed.

1156
00:42:43,320 --> 00:42:45,640
So budgets need three rules that are non-negotiable.

1157
00:42:45,640 --> 00:42:47,960
First, align budgets to ownership boundaries.

1158
00:42:47,960 --> 00:42:50,840
If a team owns a subscription, that subscription needs a budget.

1159
00:42:50,840 --> 00:42:53,640
If a platform domain owns a shared services subscription,

1160
00:42:53,640 --> 00:42:55,160
that subscription needs a budget.

1161
00:42:55,160 --> 00:42:57,320
If you can't name the owner, you can't budget it,

1162
00:42:57,320 --> 00:42:59,960
because there is no decision maker to receive the signal.

1163
00:42:59,960 --> 00:43:02,120
Budgeting, on-ones spend, is just documenting

1164
00:43:02,120 --> 00:43:03,720
a problem you refuse to fix.

1165
00:43:03,720 --> 00:43:05,720
Second, budgets must fire early.

1166
00:43:05,720 --> 00:43:08,680
50% and 70% thresholds aren't warnings.

1167
00:43:08,680 --> 00:43:10,440
They are deliberately placed interrupts.

1168
00:43:10,440 --> 00:43:12,760
They force the question, is this spend consistent

1169
00:43:12,760 --> 00:43:14,520
with what we expected the subscription to do?

1170
00:43:14,520 --> 00:43:17,000
If yes, then the organization updates its intent,

1171
00:43:17,000 --> 00:43:18,600
budget, forecast or constraints.

1172
00:43:18,600 --> 00:43:20,680
If no, then the organization intervenes,

1173
00:43:20,680 --> 00:43:22,280
right sizing, disabling a feature,

1174
00:43:22,280 --> 00:43:23,560
killing a runaway environment

1175
00:43:23,560 --> 00:43:25,800
or denying the next scale out through policy.

1176
00:43:25,800 --> 00:43:27,400
Budgets are not there to shame people.

1177
00:43:27,400 --> 00:43:28,680
They're there to force a decision

1178
00:43:28,680 --> 00:43:30,200
while the decision is still reversible.

1179
00:43:30,200 --> 00:43:33,960
Third, budget alerts must trigger action, not email.

1180
00:43:33,960 --> 00:43:36,440
Email is where accountability goes to die.

1181
00:43:36,440 --> 00:43:37,800
If you want budgets to matter,

1182
00:43:37,800 --> 00:43:39,720
root the alert into an escalation lane

1183
00:43:39,720 --> 00:43:41,720
that produces a tracked artifact,

1184
00:43:41,720 --> 00:43:43,640
a ticket in your ITSM tool,

1185
00:43:43,640 --> 00:43:46,920
a message into the right teams channel with the owner tagged,

1186
00:43:46,920 --> 00:43:48,920
an incident workflow for spend spikes

1187
00:43:48,920 --> 00:43:50,600
that threaten financial controls.

1188
00:43:50,600 --> 00:43:51,960
The point is not the tool.

1189
00:43:51,960 --> 00:43:53,800
The point is that an alert becomes a cue

1190
00:43:53,800 --> 00:43:56,200
with an owner and a response expectation.

1191
00:43:56,200 --> 00:43:57,800
And yes, you can do this in Azure

1192
00:43:57,800 --> 00:43:59,560
with action groups, webhooks, logic apps,

1193
00:43:59,560 --> 00:44:01,720
and whatever workflow system your org already pretends

1194
00:44:01,720 --> 00:44:02,840
is standardized.

1195
00:44:02,840 --> 00:44:05,080
The mechanism is implementation detail.

1196
00:44:05,080 --> 00:44:06,600
The model is what matters.

1197
00:44:06,600 --> 00:44:09,400
Budget trigger governance, not awareness.

1198
00:44:09,400 --> 00:44:10,760
Now, there's a common objection.

1199
00:44:10,760 --> 00:44:13,320
Budgets create alert fatigue.

1200
00:44:13,320 --> 00:44:14,920
They do if you design them like spam,

1201
00:44:14,920 --> 00:44:16,280
if you create budgets everywhere

1202
00:44:16,280 --> 00:44:18,360
at every scope with noisy thresholds,

1203
00:44:18,360 --> 00:44:19,720
you will flood the organization

1204
00:44:19,720 --> 00:44:21,240
with alerts that represent nothing.

1205
00:44:21,240 --> 00:44:23,080
Then teams mute them

1206
00:44:23,080 --> 00:44:25,240
and your budgets turn into background radiation.

1207
00:44:25,240 --> 00:44:26,360
That's not a people problem.

1208
00:44:26,360 --> 00:44:27,480
That's a design problem.

1209
00:44:27,480 --> 00:44:29,720
Avoid alert fatigue by having fewer budgets

1210
00:44:29,720 --> 00:44:30,680
with sharper scopes.

1211
00:44:30,680 --> 00:44:32,440
Put budgets where there is real ownership

1212
00:44:32,440 --> 00:44:34,120
and real financial exposure,

1213
00:44:34,120 --> 00:44:35,080
subscriptions,

1214
00:44:35,080 --> 00:44:37,080
platform domains, high-risk workloads

1215
00:44:37,080 --> 00:44:39,960
like AI, data, egress, heavy architectures,

1216
00:44:39,960 --> 00:44:42,360
and non-prod estates that love to sprawl.

1217
00:44:42,360 --> 00:44:44,360
Don't budget every resource group in the estate

1218
00:44:44,360 --> 00:44:45,720
because it feels thorough.

1219
00:44:45,720 --> 00:44:47,080
Thuroness is not control.

1220
00:44:47,080 --> 00:44:49,160
Control is knowing which levers matter.

1221
00:44:49,160 --> 00:44:52,760
Also, don't treat budget alerts as failures.

1222
00:44:52,760 --> 00:44:55,160
A fired budget alert is not an incident by default.

1223
00:44:55,160 --> 00:44:56,760
It's an anomaly indicator.

1224
00:44:56,760 --> 00:44:59,240
Sometimes the anomaly is legitimate growth.

1225
00:44:59,240 --> 00:45:03,000
A new workload, a migration phase, a seasonal spike.

1226
00:45:03,000 --> 00:45:04,360
The alert still did its job

1227
00:45:04,360 --> 00:45:06,120
because it forced the organization to acknowledge

1228
00:45:06,120 --> 00:45:07,560
that intent changed.

1229
00:45:07,560 --> 00:45:09,560
The worst outcome is not budget exceeded.

1230
00:45:09,560 --> 00:45:11,160
The worst outcome is budget exceeded

1231
00:45:11,160 --> 00:45:13,240
and nobody noticed until the invoice.

1232
00:45:13,240 --> 00:45:15,960
So if budgets are signals, what are they signaling?

1233
00:45:15,960 --> 00:45:17,400
They're signaling one of three things,

1234
00:45:17,400 --> 00:45:19,000
drift growth or fraud.

1235
00:45:19,000 --> 00:45:21,480
Drift means something is running that shouldn't be.

1236
00:45:21,480 --> 00:45:23,640
Growth means your usage pattern changed

1237
00:45:23,640 --> 00:45:24,920
and your budget model is stale.

1238
00:45:24,920 --> 00:45:28,520
Fraud in the broad sense means an unexpected pathway

1239
00:45:28,520 --> 00:45:30,040
is consuming resources

1240
00:45:30,040 --> 00:45:33,000
and cost is acting as the earliest signal something is wrong.

1241
00:45:33,000 --> 00:45:34,600
Budgets can't tell you which one it is.

1242
00:45:34,600 --> 00:45:37,320
That's your job, but budgets can tell you when to look.

1243
00:45:37,320 --> 00:45:39,800
Early, reliably at scale.

1244
00:45:39,800 --> 00:45:41,160
Now, here's the catch.

1245
00:45:41,160 --> 00:45:44,040
None of this works unless budgets have an accountability model

1246
00:45:44,040 --> 00:45:44,840
behind them.

1247
00:45:44,840 --> 00:45:46,360
Otherwise, you're just watching numbers move

1248
00:45:46,360 --> 00:45:47,880
and calling it governance.

1249
00:45:47,880 --> 00:45:50,520
Accountability models, showback, chargeback,

1250
00:45:50,520 --> 00:45:51,640
and the real point.

1251
00:45:51,640 --> 00:45:53,880
This is where every enterprise waste six months.

1252
00:45:53,880 --> 00:45:56,360
The religious war between showback and chargeback.

1253
00:45:56,360 --> 00:45:58,600
Finance wants chargeback because it looks like control.

1254
00:45:58,600 --> 00:46:02,120
Engineering wants to showback because it looks like collaboration.

1255
00:46:02,120 --> 00:46:05,480
Someone says we can't do chargeback until tagging is perfect.

1256
00:46:05,480 --> 00:46:09,000
And someone else says we won't fix tagging unless we do chargeback.

1257
00:46:09,000 --> 00:46:12,360
Then the meeting ends, nothing changes and the platform keeps spending.

1258
00:46:12,360 --> 00:46:13,720
That argument misses the point.

1259
00:46:13,720 --> 00:46:15,640
Showback and chargeback are not ideologies.

1260
00:46:15,640 --> 00:46:16,920
They are feedback mechanisms.

1261
00:46:16,920 --> 00:46:19,720
The only thing that matters is whether the cost signal

1262
00:46:19,720 --> 00:46:23,000
reaches the person who made the decision that created the spend.

1263
00:46:23,000 --> 00:46:25,400
Fast enough for them to change the next decision.

1264
00:46:25,400 --> 00:46:27,880
If the signal doesn't reach the decision maker,

1265
00:46:27,880 --> 00:46:29,080
you don't have accountability.

1266
00:46:29,080 --> 00:46:30,280
You have reporting.

1267
00:46:30,280 --> 00:46:33,640
Showback is the early stage tool for building trust in the data.

1268
00:46:33,640 --> 00:46:35,400
It says, here's what you consumed.

1269
00:46:35,400 --> 00:46:37,560
Here's the unit of allocation we agreed on.

1270
00:46:37,560 --> 00:46:39,000
And here's how it maps to the org.

1271
00:46:39,000 --> 00:46:40,760
No money moves, no budgets get hit.

1272
00:46:40,760 --> 00:46:43,400
The goal is to remove the your numbers are wrong debate

1273
00:46:43,400 --> 00:46:45,080
and replace it with boring acceptance.

1274
00:46:45,080 --> 00:46:46,920
Because until the numbers are boring,

1275
00:46:46,920 --> 00:46:48,280
nobody will accept chargeback.

1276
00:46:48,280 --> 00:46:51,080
Chargeback is the enforcement tool for making cost a real constraint

1277
00:46:51,080 --> 00:46:52,920
that moves money or at least it moves budget.

1278
00:46:52,920 --> 00:46:54,360
It creates an economic consequence

1279
00:46:54,360 --> 00:46:56,360
that forces teams to treat cloud consumption

1280
00:46:56,360 --> 00:46:58,760
like any other resource they can't waste without trade-offs.

1281
00:46:58,760 --> 00:47:00,120
But here's the uncomfortable truth.

1282
00:47:00,120 --> 00:47:03,320
Neither showback nor chargeback fixes anything by itself.

1283
00:47:03,320 --> 00:47:04,840
They are both downstream of governance.

1284
00:47:04,840 --> 00:47:07,000
If you didn't enforce ownership boundaries tagging

1285
00:47:07,000 --> 00:47:09,160
SKU constraints and budget escalation,

1286
00:47:09,160 --> 00:47:12,200
then chargeback just turns chaos into internal invoices.

1287
00:47:12,200 --> 00:47:14,920
So you'll spend your year mediating disputes between teams about

1288
00:47:14,920 --> 00:47:17,160
who pays for a shared log analytics workspace

1289
00:47:17,160 --> 00:47:18,680
that nobody scoped correctly.

1290
00:47:18,680 --> 00:47:19,960
That isn't accountability.

1291
00:47:19,960 --> 00:47:21,640
That's internal billing theater.

1292
00:47:21,640 --> 00:47:24,440
And showback without enforcement becomes wallpaper.

1293
00:47:24,440 --> 00:47:27,240
People glance at it, nod and keep deploying the same way

1294
00:47:27,240 --> 00:47:29,560
because nothing in their system changes when the number goes up.

1295
00:47:29,560 --> 00:47:31,160
So the sequence is deterministic.

1296
00:47:31,160 --> 00:47:33,400
First, showback to establish legitimacy.

1297
00:47:33,400 --> 00:47:35,640
Second, chargeback to establish consequence.

1298
00:47:35,640 --> 00:47:38,440
And the real point of both is to create an economic feedback loop

1299
00:47:38,440 --> 00:47:39,800
that closes fast.

1300
00:47:39,800 --> 00:47:42,600
A mature organization doesn't pick showback or chargeback.

1301
00:47:42,600 --> 00:47:44,840
It uses both deliberately at different stages

1302
00:47:44,840 --> 00:47:46,440
for different kinds of spend.

1303
00:47:46,440 --> 00:47:48,600
Now accountability isn't just who pays.

1304
00:47:48,600 --> 00:47:50,280
It's who is accountable for the guardrails.

1305
00:47:50,280 --> 00:47:52,360
This is where enterprises get sloppy

1306
00:47:52,360 --> 00:47:54,920
because they pretend accountability is a cultural concept.

1307
00:47:54,920 --> 00:47:56,680
It isn't. It's a design requirement.

1308
00:47:56,680 --> 00:47:57,960
In a real operating model,

1309
00:47:57,960 --> 00:48:00,440
the FinOps team or cloud economics function,

1310
00:48:00,440 --> 00:48:02,360
call it whatever your org chart tolerates,

1311
00:48:02,360 --> 00:48:04,200
should be accountable for defining the guardrails

1312
00:48:04,200 --> 00:48:05,560
and the measurement model.

1313
00:48:05,560 --> 00:48:08,440
App teams should be responsible for staying inside those guardrails,

1314
00:48:08,440 --> 00:48:11,400
including tagging compliance and cost-aware design decisions.

1315
00:48:11,400 --> 00:48:13,240
Finance should be consulted for budgeting,

1316
00:48:13,240 --> 00:48:16,040
allocation rules, and the mechanics of internal charge.

1317
00:48:16,040 --> 00:48:17,320
Leadership should be informed,

1318
00:48:17,320 --> 00:48:19,880
not asked to resolve the same argument every month.

1319
00:48:19,880 --> 00:48:20,920
That's not bureaucracy.

1320
00:48:20,920 --> 00:48:23,960
That's how you stop ownership from dissolving into everyone's problem,

1321
00:48:23,960 --> 00:48:26,520
which is just a polite way to say nobody's problem.

1322
00:48:26,520 --> 00:48:29,400
And there's another shift happening that enterprises keep ignoring.

1323
00:48:29,400 --> 00:48:30,920
FinOps is no longer just cloud.

1324
00:48:30,920 --> 00:48:34,120
The FinOps Foundation's newer cloud plus framing and scopes idea exists

1325
00:48:34,120 --> 00:48:35,720
because spending doesn't stay contained.

1326
00:48:35,720 --> 00:48:36,760
Cloud leads to SASS.

1327
00:48:36,760 --> 00:48:38,600
SASS leads to licensing sprawl.

1328
00:48:38,600 --> 00:48:40,600
AI leads to token burn and GPU bills

1329
00:48:40,600 --> 00:48:42,840
that make your old VM arguments look adorable.

1330
00:48:42,840 --> 00:48:44,600
If you build an accountability model

1331
00:48:44,600 --> 00:48:46,360
that only works for VMspend,

1332
00:48:46,360 --> 00:48:48,200
you're building yesterday's governance.

1333
00:48:48,200 --> 00:48:49,960
So the practical posture is scopes.

1334
00:48:49,960 --> 00:48:52,840
Apply accountability where spend concentrates.

1335
00:48:52,840 --> 00:48:56,440
Cloud scope, subscriptions, tagging, budget, policy enforcement,

1336
00:48:56,440 --> 00:48:59,480
AI scope, model usage, token forecasts,

1337
00:48:59,480 --> 00:49:02,760
stricter anomaly response because costs can spike fast.

1338
00:49:02,760 --> 00:49:05,080
Shared services scope, allocation rules

1339
00:49:05,080 --> 00:49:06,920
that make platforms spend legible,

1340
00:49:06,920 --> 00:49:08,760
even when it can't be perfectly metered.

1341
00:49:08,760 --> 00:49:10,280
You don't need to boil the ocean.

1342
00:49:10,280 --> 00:49:13,000
You need to stop pretending a single model fits everything.

1343
00:49:13,000 --> 00:49:14,760
The simplest version is this accountability

1344
00:49:14,760 --> 00:49:16,520
must follow decision rights.

1345
00:49:16,520 --> 00:49:18,440
If engineering can choose the SKU,

1346
00:49:18,440 --> 00:49:20,360
engineering must see the cost signal.

1347
00:49:20,360 --> 00:49:23,080
If the platform team controls diagnostics defaults,

1348
00:49:23,080 --> 00:49:26,200
the platform team must own the retention economics.

1349
00:49:26,200 --> 00:49:28,600
If leadership demands multi-region resilience,

1350
00:49:28,600 --> 00:49:30,280
leadership must accept the price tag

1351
00:49:30,280 --> 00:49:32,600
as a design decision, not a surprise invoice.

1352
00:49:32,600 --> 00:49:34,200
Once that operating model is real,

1353
00:49:34,200 --> 00:49:36,440
showback and chargeback, stop being arguments.

1354
00:49:36,440 --> 00:49:37,960
They become implementation details.

1355
00:49:37,960 --> 00:49:39,560
And now the transition that matters.

1356
00:49:39,560 --> 00:49:41,240
Once accountability exists,

1357
00:49:41,240 --> 00:49:43,400
enforcement has to live where the decisions happen.

1358
00:49:43,400 --> 00:49:45,080
Not in meetings in the control plane.

1359
00:49:45,080 --> 00:49:47,240
The enforcement stack, policy, RBIQ,

1360
00:49:47,240 --> 00:49:48,760
budgets, deployment stamps.

1361
00:49:48,760 --> 00:49:50,760
So if cost is an authorization outcome,

1362
00:49:50,760 --> 00:49:52,760
an accountability is the feedback loop.

1363
00:49:52,760 --> 00:49:54,360
Then enforcement is the only part

1364
00:49:54,360 --> 00:49:56,360
that actually survives contact with reality.

1365
00:49:56,360 --> 00:49:59,480
Meetings don't enforce, slide decks don't enforce.

1366
00:49:59,480 --> 00:50:00,920
Cost awareness doesn't enforce.

1367
00:50:00,920 --> 00:50:03,000
The control plane enforces.

1368
00:50:03,000 --> 00:50:06,280
And the enforcement stack in Azure is not complicated.

1369
00:50:06,280 --> 00:50:08,440
It's just unpopular because it removes freedom people

1370
00:50:08,440 --> 00:50:09,640
already got used to.

1371
00:50:09,640 --> 00:50:10,840
Start with Azure policy

1372
00:50:10,840 --> 00:50:13,720
because it's the closest thing Azure has to an authorization

1373
00:50:13,720 --> 00:50:15,160
compiler for cost intent.

1374
00:50:15,160 --> 00:50:17,960
Policy is where you encode the non-negotiables,

1375
00:50:17,960 --> 00:50:21,240
required tags, allowed regions, allowed SKUs

1376
00:50:21,240 --> 00:50:22,520
and configuration baselines

1377
00:50:22,520 --> 00:50:24,280
that have real financial impact,

1378
00:50:24,280 --> 00:50:25,640
deny is the blunt instrument,

1379
00:50:25,640 --> 00:50:27,080
modify is the quieter one.

1380
00:50:27,080 --> 00:50:28,760
Deploy if not exists is the,

1381
00:50:28,760 --> 00:50:30,040
you're going to pay for this anyway,

1382
00:50:30,040 --> 00:50:31,880
so we're going to standardize it move.

1383
00:50:31,880 --> 00:50:34,040
The key is that policy runs at deploy time.

1384
00:50:34,040 --> 00:50:35,240
It doesn't ask for cooperation.

1385
00:50:35,240 --> 00:50:36,760
It evaluates intent

1386
00:50:36,760 --> 00:50:39,400
and either materializes capacity or refuses it.

1387
00:50:39,400 --> 00:50:41,960
That means you stop trying to convince teams to behave

1388
00:50:41,960 --> 00:50:43,480
and you start designing the platform.

1389
00:50:43,480 --> 00:50:44,840
So behavior has boundaries.

1390
00:50:44,840 --> 00:50:47,000
Now this is where most enterprises sabotage themselves.

1391
00:50:47,000 --> 00:50:49,240
They treat policy exemptions like kindness.

1392
00:50:49,240 --> 00:50:50,520
Exemptions are not kindness.

1393
00:50:50,520 --> 00:50:52,200
They are entropy generators.

1394
00:50:52,200 --> 00:50:53,720
Every exemption should be visible,

1395
00:50:53,720 --> 00:50:55,560
justified, time boxed and reviewed

1396
00:50:55,560 --> 00:50:58,760
because if you can't explain why something bypassed the rules

1397
00:50:58,760 --> 00:51:00,120
you didn't make an exception,

1398
00:51:00,120 --> 00:51:01,800
you created a second rule set

1399
00:51:01,800 --> 00:51:03,640
that only some people know exists.

1400
00:51:03,640 --> 00:51:04,760
Next layer is RBAC

1401
00:51:04,760 --> 00:51:06,360
because policy without permission design

1402
00:51:06,360 --> 00:51:08,440
is just a guard rail around a highway exit,

1403
00:51:08,440 --> 00:51:09,480
nobody controls.

1404
00:51:09,480 --> 00:51:11,320
Most organizations have a contributor problem.

1405
00:51:11,320 --> 00:51:13,640
They hand out broad contributor at subscription scope

1406
00:51:13,640 --> 00:51:15,240
because it makes delivery easy

1407
00:51:15,240 --> 00:51:17,800
and then they act surprised when spend is unbounded.

1408
00:51:17,800 --> 00:51:19,560
Contributor is not empowerment.

1409
00:51:19,560 --> 00:51:21,400
It is a spend authorization primitive.

1410
00:51:21,400 --> 00:51:23,880
If a team can create resources they can create cost.

1411
00:51:23,880 --> 00:51:27,640
If they can assign roles they can create new spend pathways

1412
00:51:27,640 --> 00:51:29,560
and if they can deploy without a cost signal

1413
00:51:29,560 --> 00:51:31,800
they can externalize the consequences.

1414
00:51:31,800 --> 00:51:33,160
So RBAC needs two outcomes.

1415
00:51:33,160 --> 00:51:35,000
First the people making deployment decisions

1416
00:51:35,000 --> 00:51:37,560
must be able to see cost, cost management reader

1417
00:51:37,560 --> 00:51:39,720
or equivalent visibility for engineering,

1418
00:51:39,720 --> 00:51:41,160
leads and platform owners.

1419
00:51:41,160 --> 00:51:43,960
If they can't see cost trends, budgets and anomalies

1420
00:51:43,960 --> 00:51:46,760
they are operating blind and blind systems drift.

1421
00:51:46,760 --> 00:51:49,720
Second, deploy authority and spend accountability

1422
00:51:49,720 --> 00:51:52,120
can't be the same unmanaged blob.

1423
00:51:52,120 --> 00:51:54,280
That doesn't mean you create a bureaucracy of approvals.

1424
00:51:54,280 --> 00:51:55,880
That means you design roles

1425
00:51:55,880 --> 00:51:58,200
so the enterprise can tell who is allowed to do what

1426
00:51:58,200 --> 00:52:00,280
and who is responsible when it goes wrong.

1427
00:52:00,280 --> 00:52:01,880
And yes, that often means pipelines

1428
00:52:01,880 --> 00:52:03,800
and managed identities get narrowed permissions

1429
00:52:03,800 --> 00:52:05,640
not contributor because it works.

1430
00:52:05,640 --> 00:52:08,200
Because it works is how cost entropy gets funded.

1431
00:52:08,200 --> 00:52:10,040
Third layer is budgets but not as tracking

1432
00:52:10,040 --> 00:52:11,320
as escalation engines.

1433
00:52:11,320 --> 00:52:13,720
Budgets are the interrupt system

1434
00:52:13,720 --> 00:52:16,200
that tells you intent and reality diverged.

1435
00:52:16,200 --> 00:52:17,080
They don't stop spend.

1436
00:52:17,080 --> 00:52:18,040
They root attention

1437
00:52:18,040 --> 00:52:20,280
and if they aren't wired into action,

1438
00:52:20,280 --> 00:52:22,200
tickets, paging, escalation channels,

1439
00:52:22,200 --> 00:52:24,680
they are a compliance checkbox that produces email.

1440
00:52:24,680 --> 00:52:26,520
Budgets should exist at subscription scope

1441
00:52:26,520 --> 00:52:28,120
because that's where ownership is legible

1442
00:52:28,120 --> 00:52:29,560
and blast radius is bounded.

1443
00:52:29,560 --> 00:52:32,040
They can also exist at higher scopes for rollups

1444
00:52:32,040 --> 00:52:33,560
but the place where action happens

1445
00:52:33,560 --> 00:52:35,640
is where someone can actually change something

1446
00:52:35,640 --> 00:52:37,000
without a committee.

1447
00:52:37,000 --> 00:52:38,280
And budgets should fire early

1448
00:52:38,280 --> 00:52:40,280
because the platform needs time to respond.

1449
00:52:40,280 --> 00:52:42,680
50 and 70% thresholds are not conservative.

1450
00:52:42,680 --> 00:52:43,560
They are practical.

1451
00:52:43,560 --> 00:52:44,840
They're the only way to catch drift

1452
00:52:44,840 --> 00:52:46,040
while you still have options.

1453
00:52:46,040 --> 00:52:48,280
Now the fourth layer is the part people ignore

1454
00:52:48,280 --> 00:52:50,120
because it feels like platform engineering

1455
00:52:50,120 --> 00:52:51,000
not finnops.

1456
00:52:51,000 --> 00:52:52,200
Deployment stamps.

1457
00:52:52,200 --> 00:52:53,480
Guarded environments.

1458
00:52:53,480 --> 00:52:55,240
Standard patterns.

1459
00:52:55,240 --> 00:52:56,520
Call them what you want.

1460
00:52:56,520 --> 00:52:57,640
The idea is the same.

1461
00:52:57,640 --> 00:53:00,600
You stop letting every team invent their own cost model

1462
00:53:00,600 --> 00:53:01,720
by accident.

1463
00:53:01,720 --> 00:53:04,760
A stamp is a pre-approved, pre-constrained deployment pattern

1464
00:53:04,760 --> 00:53:06,520
networking, logging, diagnostics,

1465
00:53:06,520 --> 00:53:08,920
SKU baselines, scaling rules, retention settings

1466
00:53:08,920 --> 00:53:11,160
and whatever else always turns into surprise spend.

1467
00:53:11,160 --> 00:53:13,800
When teams deploy through the stamp,

1468
00:53:13,800 --> 00:53:15,800
they inherit the constraints and the defaults

1469
00:53:15,800 --> 00:53:17,080
and the platform doesn't really

1470
00:53:17,080 --> 00:53:19,080
delegate the same cost mistakes 400 times.

1471
00:53:19,080 --> 00:53:21,560
This is how you scale autonomy without scaling chaos

1472
00:53:21,560 --> 00:53:24,120
because you're not restricting teams to one architecture.

1473
00:53:24,120 --> 00:53:25,640
You're restricting them to architectures

1474
00:53:25,640 --> 00:53:27,160
with known cost behavior

1475
00:53:27,160 --> 00:53:28,440
and then you do one more thing,

1476
00:53:28,440 --> 00:53:29,640
enterprises avoid.

1477
00:53:29,640 --> 00:53:31,800
You make exceptions expensive in process,

1478
00:53:31,800 --> 00:53:32,920
not in politics.

1479
00:53:32,920 --> 00:53:35,000
If a workload needs to break the stamp fine,

1480
00:53:35,000 --> 00:53:36,920
but it does so through a visible exception path

1481
00:53:36,920 --> 00:53:37,800
with an expiry.

1482
00:53:37,800 --> 00:53:39,080
That keeps the baseline clean

1483
00:53:39,080 --> 00:53:40,520
and it forces special cases

1484
00:53:40,520 --> 00:53:41,880
to prove they're still special

1485
00:53:41,880 --> 00:53:43,400
every time the clock runs out.

1486
00:53:43,400 --> 00:53:45,400
So the enforcement stack is simple.

1487
00:53:45,400 --> 00:53:47,000
Policy defines what is allowed,

1488
00:53:47,000 --> 00:53:48,520
our back defines who can attempt it,

1489
00:53:48,520 --> 00:53:50,440
budgets define when reality diverges,

1490
00:53:50,440 --> 00:53:52,360
stamps define the default pathways,

1491
00:53:52,360 --> 00:53:53,880
so divergence is rarer,

1492
00:53:53,880 --> 00:53:55,880
and the outcome is the only thing that matters.

1493
00:53:55,880 --> 00:53:57,880
Cost becomes an enforced design decision,

1494
00:53:57,880 --> 00:53:59,320
not a post-mortem artifact.

1495
00:53:59,320 --> 00:54:01,000
Now the question isn't what tools should we use,

1496
00:54:01,000 --> 00:54:02,680
the way the question is,

1497
00:54:02,680 --> 00:54:05,000
can you roll this out in a way that survives

1498
00:54:05,000 --> 00:54:06,600
organizational pressure?

1499
00:54:06,600 --> 00:54:08,600
That's next, the 90-day rollout

1500
00:54:08,600 --> 00:54:10,520
from surprise bills to enforced in 10.

1501
00:54:10,520 --> 00:54:12,760
This only works if you treat it like a platform rollout,

1502
00:54:12,760 --> 00:54:14,200
not a finance initiative.

1503
00:54:14,200 --> 00:54:17,240
90 days is enough time to change the system behavior.

1504
00:54:17,240 --> 00:54:19,400
If you stop negotiating with entropy

1505
00:54:19,400 --> 00:54:21,480
and start removing its pathways,

1506
00:54:21,480 --> 00:54:22,680
days one to 30,

1507
00:54:22,680 --> 00:54:24,680
define ownership boundaries and make them real.

1508
00:54:24,680 --> 00:54:27,480
Lock in your subscription strategy,

1509
00:54:27,480 --> 00:54:28,840
what is prod, what is non-prod,

1510
00:54:28,840 --> 00:54:29,480
what is platform,

1511
00:54:29,480 --> 00:54:30,280
what is sandbox,

1512
00:54:30,280 --> 00:54:32,120
and who owns each of those scopes,

1513
00:54:32,120 --> 00:54:33,880
then define the minimum tagging taxonomy

1514
00:54:33,880 --> 00:54:35,720
that represents financial identity,

1515
00:54:35,720 --> 00:54:37,960
owner, environment, and cost center or product.

1516
00:54:37,960 --> 00:54:39,400
Keep it small and enforceable.

1517
00:54:39,400 --> 00:54:41,320
At the same time, stand up initial showback

1518
00:54:41,320 --> 00:54:43,400
with whatever accuracy you currently have

1519
00:54:43,400 --> 00:54:45,160
because the point in month one is to surface

1520
00:54:45,160 --> 00:54:46,840
where you can't allocate and why

1521
00:54:46,840 --> 00:54:49,080
that gap is your backlog, not your shame.

1522
00:54:49,080 --> 00:54:52,360
Days 31 to 60, move from visibility to enforcement.

1523
00:54:52,360 --> 00:54:54,120
This is where you start using Azure Policy

1524
00:54:54,120 --> 00:54:55,320
like it's meant to be used

1525
00:54:55,320 --> 00:54:57,800
to stop the platform from accepting ambiguity.

1526
00:54:57,800 --> 00:54:59,720
Deny untagged production deployments.

1527
00:54:59,720 --> 00:55:02,520
Use modify where you can safely add baseline tags

1528
00:55:02,520 --> 00:55:03,560
or inherit them,

1529
00:55:03,560 --> 00:55:06,200
but don't confuse auto tagging with governance.

1530
00:55:06,200 --> 00:55:09,480
Implement budgets at subscription scope with early thresholds.

1531
00:55:09,480 --> 00:55:11,880
Root alerts into an action path, not a mailbox,

1532
00:55:11,880 --> 00:55:13,800
then restrict as used by environment.

1533
00:55:13,800 --> 00:55:15,720
Non-prod doesn't get premium by default

1534
00:55:15,720 --> 00:55:17,160
and regions don't sprawl

1535
00:55:17,160 --> 00:55:19,160
because someone felt adventurous in the portal.

1536
00:55:19,160 --> 00:55:20,440
Day 61 to 90,

1537
00:55:20,440 --> 00:55:23,000
wire escalation and institutionalized exceptions,

1538
00:55:23,000 --> 00:55:24,040
build the workflow,

1539
00:55:24,040 --> 00:55:25,400
budget alert creates a ticket,

1540
00:55:25,400 --> 00:55:26,680
it lands with a named owner,

1541
00:55:26,680 --> 00:55:28,520
it has an SLA and it has an outcome,

1542
00:55:28,520 --> 00:55:31,880
justify, remediate or request an exception with an expiry,

1543
00:55:31,880 --> 00:55:33,880
then formalize shared platform accountability.

1544
00:55:33,880 --> 00:55:36,600
If platform subscriptions aren't budgeted and allocated,

1545
00:55:36,600 --> 00:55:38,280
you're funding a black hole.

1546
00:55:38,280 --> 00:55:40,360
Finally, introduce deployment stamps.

1547
00:55:40,360 --> 00:55:42,520
Guarded patterns that encode cost-bounded default

1548
00:55:42,520 --> 00:55:45,960
so teams stop reinventing expensive architectures accidentally.

1549
00:55:45,960 --> 00:55:48,440
The deliverables at day 90 are boring on purpose,

1550
00:55:48,440 --> 00:55:51,400
a reference architecture for subscriptions and environments,

1551
00:55:51,400 --> 00:55:52,840
a policy starter pack,

1552
00:55:52,840 --> 00:55:55,560
an accountability model that survives org charts

1553
00:55:55,560 --> 00:55:58,680
and an operating cadence that doesn't depend on heroics.

1554
00:55:58,680 --> 00:56:00,760
And avoid the predictable anti-patterns.

1555
00:56:00,760 --> 00:56:03,000
Optimize first, tag later,

1556
00:56:03,000 --> 00:56:06,040
dashboards as governance and exceptions without expiry.

1557
00:56:06,040 --> 00:56:08,440
Those are just different ways of asking entropy to be polite.

1558
00:56:09,160 --> 00:56:11,400
Cost discipline is enforced autonomy.

1559
00:56:11,400 --> 00:56:15,000
Cloud becomes expensive when unbounded choice meets zero accountability

1560
00:56:15,000 --> 00:56:18,760
and as your will happily build you for every unknown decision you allowed.

1561
00:56:18,760 --> 00:56:20,280
If you want predictable spend,

1562
00:56:20,280 --> 00:56:21,960
stop treating finops like reporting

1563
00:56:21,960 --> 00:56:25,000
and start enforcing financial intent in the control plane,

1564
00:56:25,000 --> 00:56:27,240
subscription boundaries, policy constraints,

1565
00:56:27,240 --> 00:56:30,040
budget escalation and time boxed exceptions.

1566
00:56:30,040 --> 00:56:31,240
If you want the next layer,

1567
00:56:31,240 --> 00:56:32,760
how to design the authorization graph

1568
00:56:32,760 --> 00:56:35,160
so cost controls don't erode over time,

1569
00:56:35,160 --> 00:56:36,360
watch the next episode,

1570
00:56:36,360 --> 00:56:38,360
subscribe if you're done paying for ambiguity.