Why Your Azure Subscription Looks Like a Teenager's Bedroom (And How to Fix It)

🎬 The Scene: It's Monday Morning... You open the Azure portal. There are 47 resource groups. Nobody knows who created 23 of them. There's a VM called test-final-v2-REAL-final running since 2024. Someone deployed a $800/month App Gateway for a dev environment. The tagging strategy? What tagging strategy? Sound familiar? Welcome to Azure Cloud Architecture Therapy — where we turn your chaotic cloud into something a Principal Engineer would be proud of. Grab coffee. This is going to be fun. 🏗️ First: How Azure Actually Works (The 2-Minute Version) Before we fix anything, let's understand the plumbing. Every single thing you do in Azure — whether you're clicking buttons in the portal or running terraform apply — goes through one gateway: You → Azure Resource Manager (ARM) → The Actual Resource ARM is the bouncer at the club. It checks: Who are you? (Authentication via Entra ID) Can you do this? (Authorization via RBAC) Should we let this through? (Policies & throttle limits) OK, forwarding