Microsoft

Azure Governance

Department:
Azure Governance

Timeframe
2024.1 - 2024.12

Role
Lead product designer

Azure Governance is a product initiative aimed at improving visibility, control, and trust in how cloud resources are changed and removed across enterprise environments. This work included the design of two critical governance tools:
1. Resource Change Portal
A centralized experience that allows users to track, review, and audit historical changes made to Azure resources. Designed to increase transparency and accountability, it helps engineers and administrators understand who made changes, what was modified, and when it happened—supporting operational debugging, compliance, and incident resolution.
2. Resource Delete Portal
A guided and consistent delete flow that helps users understand the impact of removing Azure resources. The design focuses on reducing accidental deletions, increasing user confidence, and streamlining post-delete recovery and traceability.
Together, these tools empower users to manage their cloud environments more safely and responsibly, while aligning with Azure’s broader goals of enterprise-grade governance and secure operations.

Design overview  
01 - Impact at a Glance

10,000 +

External users onboarded across enterprise Azure customers. ( Resource Change Portal )

↓75%

Reduction in incident triage time by making change history easily accessible. ( Resource Change Portal )

↑22%

Increase in user confidence before confirming deletions based on UX surveys. ( Resource delete portal )

↓40%

Decrease in accidental deletion escalations reported by pilot customers. ( Resource delete portal )

Design overview  
02 - Project Snapshot

Resource Change Portal

Target user:
Enterprise Azure customers—cloud admins, engineers, and compliance teams managing production environments.Azure product managers and engineering leads responsible for Terraform enablement
User pain point:
No centralized, user-friendly way to track who made changes to resources, when, and what was modified—leading to slow incident resolution and audit overhead.
Product goal:
Provide a clear and filterable view of resource change history to support debugging, governance, and compliance efforts.
Challenge:
Visualize change events at scale in a way that’s both technically accurate and easy to interpret across diverse user roles.

Resource Delete Portal

Target user:
Azure customers responsible for managing and decommissioning cloud resources across complex infrastructures.
User pain point:
Deletion flows were inconsistent across resource types, lacked risk visibility, and often led to accidental data loss or insufficient guardrails.
Product goal:
Deliver a consistent, policy-aware delete experience that helps users understand the impact of deletion, avoid irreversible actions, and recover from mistakes when possible.
Challenge:
Integrate soft-delete logic through Azure Policy, while maintaining a unified experience across multiple services with different behaviors and recovery mechanisms.

From user insight to focused execution

Design Process & Key Decision

Design process & key decision
01 - Design Process

The Azure Governance initiative was driven by a need to strengthen trust, control, and clarity in how customers manage changes and deletions across cloud resources. Both tools—Resource Change Portal and Resource Delete Portal—originated from direct customer pain points raised through feedback channels, support tickets, and regulatory demands.
1. Design Needs Alignment
Rooted in needs like traceability, deletion safety, and compliance clarity.
2. MVP Scoping
Focused on change visibility and a consistent, policy-integrated delete experience.
3. Design Prototype
Used Azure design system to build flows, refined based on internal and external feedback.
3. User Insights & Future Opportunities
Deferred complex features due to technical constraints, but ensured scalable structure.

Design process & key decision
02 - Design Needs Alignment

With the help from our user researcher, we interviewed around 32 users for these two projects and defined the key insights below.

Azure Resource Change Portal

01/ Lack of centralized change visibility
Users had no single place to view historical changes across resources, relying instead on raw activity logs and scripts.due to difficulty identifying who changed what and when
02/ Slow and manual incident investigation
Teams spent significant time tracing who made what changes and when—especially during outages or escalations.There was no intuitive way to check which Azure resources were supported in Terraform across the platform, leading to scattered, inconsistent tracking.
03/ Audit and compliance friction
In regulated industries, proving change history for compliance reviews was difficult and inconsistent across teams.

Azure Resource Delete Portal

01/ Inconsistent delete behaviors across resource types
Different Azure services had varied delete patterns, leading to confusion and increased risk of irreversible actions.
02/ Limited post-delete recoverability
Users lacked options to define how long deleted resources should be retained, making it hard to mitigate human error.
03/ Need for policy-driven retention control
Enterprises wanted the ability to create and assign Azure Policies to enforce consistent soft-delete retention rules per resource type.
04/ Lack of clarity around deletion impact
Users needed better visibility into what would be affected before confirming a delete, especially in production environments.

Design process & key decision
03 - MVP Scoping

Azure Resource Change Portal

01/ View change history easily
Show what changed, when, and by whom—without digging through raw logs or using CLI commands.
02/ Filter changed resources quickly
Enable users to narrow results by resource type, time range, or user identity to focus on relevant updates.
03/ Understand change details at a glance
Provide human-readable summaries of change actions (e.g., updated properties, configuration changes) to support fast triage and auditing.

Azure Resource Delete Portal

01/ Unified delete experience
Provide a consistent and guided deletion flow across different Azure resource types to reduce confusion and errors.
02/ Preview deletion impact
Users lacked options to define how long deleted resources should be retained, making it hard to mitigate human error.Help users understand what dependencies or downstream effects might be triggered before confirming deletion.
03/ Set retention rules with Azure Policy
Allow organizations to define how long deleted resources are retained via policy-based soft delete, enabling safer operations and easier recovery.

Design process & key decision
04 - Design Prototype

Based on the MVP pre defined, I generated a flow to help user track, filter and compare the changed resource.

Azure Resource Change Portal

Scope 1: View change history easily
Scope 2: Filter changed resources quickly
Scope 3: Understand change details at a glance

Azure Resource Delete Portal

Scope 1: Unified delete experience
Scope 2: Preview deletion impact
Scope 3: Understand change details at a glance

Design process & key decision
05 - User Insights and Future Opportunity

Resource Change Portal

User feedback validated the majority of core needs—including the ability to easily view, filter, and investigate resource changes—were effectively addressed through the redesigned experience. However, certain advanced capabilities were deferred due to time constraints and current API limitations. These include:
Automatic detection of unusual or risky changesInteractive dashboards or charts to summarize change activity across resources
Additionally, users expressed a strong interest in receiving notifications (via email or Azure notifications) when changes occur on specific resources—an area that presents clear future opportunity for proactive governance tooling.
These insights highlight not only the effectiveness of the MVP, but also a roadmap of user-driven enhancements that could further improve trust and operational control over time.

Azure Resource Delete Portal

Most core features of the Resource Delete Portal—such as the unified delete experience, policy-based retention, and pre-deletion impact awareness—received highly positive feedback from users. The guided flow was seen as a major improvement over fragmented, service-specific deletion patterns.
However, a notable limitation emerged around the lack of filtering or bulk management for resources with the same retention policy or expiration window. Users managing large-scale environments expressed the need to view, filter, and act on similarly retained resources in bulk, such as expiring resources within a specific time frame or under the same policy.
This insight highlights a valuable future direction: enabling batch operations and policy-aligned filtering to streamline governance workflows and reduce manual overhead in high-scale environments.

Unified Control for Resource Cleanup

Design Summary

The Azure Resource Delete Portal was designed to bring clarity, consistency, and safety to the way customers remove cloud resources. By unifying deletion experiences across services and integrating Azure Policy–based soft delete, the portal helps users make informed decisions and reduces the risk of accidental data loss.
The design focused on three core goals:
- Standardizing the delete experience across resource types
- Making impact and dependency visibility part of the decision-making flow
- Allowing governance teams to enforce retention rules via policy

User feedback validated these goals, with the guided flow earning strong praise. However, the lack of filtering and bulk management for resources with shared retention settings remains a clear future opportunity—especially for customers operating at scale.