Skip to main content

Azure Governance at Scale

1. What this document is about

This document defines how to design, reason about, and stress-test Azure governance models in organizations where cloud scale is no longer a technical problem, but an organizational one.

It applies to environments where:

  • Multiple product teams deploy indepdendently
  • Platform teams own shared capabilities, not products
  • Cost, compliance, and security are strctural constraints
  • Azure is a long-term execution plataform, not an experiment

It explicitly does not apply to:

  • Single-team or short-lived environments
  • Azure used as "just infrastructure"
  • Organizations without cost attribution
  • Early-stage systems still discovering their boundaries

This is a decision framework based on my experience, not a configuration guide.

2. Why this matters in real systems

Azure governance becomes unavoidable when organizational entropy outpaces informal coordination.

Common real-world inflection points:

Scale pressure

  • 5 → 20 → subscriptions
  • Multiple CI/CD pipelines deploying concurrently
  • Teams optimizing locally, harming globally

Economic pressure

  • Clound cost moves from "IT expense" to "business liability"
  • Finance demands attribution, not estimates
  • Engineers are asked to explain cost behavior after the fact

Regulatory pressure

  • Audits require provable isolation
  • "We trust this team" stops being an argument
  • Manual controls stop being defensible

When governance is absent or weak:

  • Subscriptions accumulate unrelated workloads
  • RBAC becomes irreversible without outages
  • Policy exceptions multiply silently
  • Platform teams are blamed for decisions they did not make

Simplistic governance fails because:

  • Central approval models do not survive deployment velocity
  • Flat subscription models collapse under ownership ambiguity
  • Tooling is mistaken for governance

Governance emerges as a survival mechanism, not a best practice.

3. Core concept (mental model)

Azure governance is best understood as organizational topology encoded into infrastructure.

A precise mental model:

Governance defines who can do what, where, at what cost, and with whose approvalbefore code runs.

Key dimensions:

  • Hierarchy: where decisions apply
  • Isolation: where failures stop
  • Ownership: who pays and who answers
  • Constraints: what is impossible by design

The system works when:

  • Teams reason about boundaries, not rules
  • Violations are detectable, not debatable
  • Most decisions never require human approval

Governance is not about control. It is about making the wrong decisions expensive or impossible.

4. How it works (step-by-step)

Step 1: Define non-negotiables (organizational, not technical)

Example of real non-negotiables:

  • Regulated workloads must never share runtime with non-regulated ones
  • Every cloud cost must map to a business ownership
  • No production workload runs without observability baselines
  • Platform teams must not approve day-to-day deployments

If these are not explicit, Azure structure will encode the wrong assumptions.

Step 2: Design the management group topology

Management Groups are policy blast-radius boundaries, not folders.

A mature topology often encodes:

  • Regulatory domains
  • Business criticality
  • Platform vs product separation

Example:


Tenant Root
└── Corp
    ├── Shared-Platform
    ├── Regulated
    │   ├── Financial
    │   └── Identity
    └── Non-Regulated
        ├── Growth
        └── Internal

Invariant:

  • No subscription bypasses the Hierarchy
  • Root policies are minimal and irreversible

Step 3: Subscriptions as ownership and failure domains

Subscriptions are

  • Cost units
  • RBAC boundaries
  • Failure containment zones

They are not environments by default.

Bad model:

One subscription for all prod workloads

Better model:

Subscriptions aligned to team × domain × criticality

Example


Payments-Prod
Risk-Prod
Identity-Prod

Each with:

  • Separate budgets
  • Independent RBAC
  • Independent incident blast radius

This is expensive — intentionally.

Step 4: Policy as enforcement, not documentation

Azure Policy exists to remove choice, not guide behavior.

Effective policies:

  • Mandatory tagging with deny
  • Allowed SKUs and regions
  • Diagnostic settings enforcement
  • Resource type allow-lists per domain

Anti-pattern:

  • Audit-only policies everywhere

Audit-only governance creates ilusion of control.

5: RBAC as a liability surface

RBAC scales poorly if unmanaged.

Real constraints:

  • Roles accumulate faster than they are removed
  • Emergency access becomes permanent
  • "Temporary" access is never revisited

Governance responses:

  • No individual assignments at subscription scope
  • Role assignment via groups only
  • Time-bound elevation for production

RBAC without lifecycle is technical debt with security impact.

5. Concrete production model (end-to-end)

Scenario

A regulated fintech with shared platform services and autonomous product teams.

Structure

  • Plataform owns Shared-Plataform subscriptions
  • Product teams own their domain subscriptions
  • Security and compliance enforced at Management Group level

Flow

  1. Platform defines policies and landing zone templates
  2. Teams request subscriptions, not permissions
  3. CI/CD deploys within pre-approved boundaries
  4. Cost reports map directly to business domains
  5. Violations surface as signals, not incidents

This model survices:

  • Team churn
  • Organizational reorgs
  • Audit cycles
  • Cost optimization initiatives

6. Design trade-offs

DecisionGainCost
More subscriptionsIsolation, clarityHigher baseline cost
Strong deny policiesPredictabilityReduced flexibility
Federated ownershipSpeedPolicy complexity
Plataform guardrailsScalabilityInitial design effort

Implicit acceptance:

  • Governance increases upfront friction
  • Poorly designed governance creates long-term drag
  • You cannot optimize for speed and control simultaneously

7. Operational and production realities

What you monitor in real governance:

  • Policy violations trend (rate matters more than count)
  • Cost drift per domain
  • RBAC growth rate
  • Exception lifetimes

Early degradation signals:

  • Teams asking for "temporary" bypasses
  • Platform team pulled into delivery discussions
  • Cost reviews becoming political

Governance failure is slow, then sudden.

8. When NOT to use this

Avoid this model when:

  • Team count < 3
  • No regulatory exposure
  • Cloud spend is negligible
  • Organization still changing structure monthly

Governance before boundaries exist is guesswork.

9. Key takeaways

  • Governance encodes organizational decisions into infrastructure
  • Subscriptions represent ownership and failure, not convenience
  • Guardrails outperform approvals at scale
  • Policy without enforcement is theater
  • RBAC is an attack surface, not just access control
  • Governance must be observable to be trusted
  • Over-governance is as harmful as none

10. High-Level Overview

Visual representation of Azure governance, highlighting enforced boundaries, subscription ownership, and feedback-driven evolution.

Scroll to zoom • Drag to pan
Azure GovernanceAzure Governance 1) Org Intent (Non-negotiables)2) Azure Hierarchy (Where governance applies)3) Guardrails (Enforced constraints)4) Execution (Inside boundaries)5) Signals (Constraints flow upward)6) Governance Evolution (Adjustments)Regulatory constraints- isolation requirements- auditability expectations- data residency / region rulesCost accountability- owner per workload- budget boundaries- chargeback/showback modelOperational expectations- incident ownership- production readiness baseline- SLO / reliability postureTenant RootMinimal global constraints(avoid heavy policy here)Management GroupsControl domains (policy blast radius)Regulated vs non-regulatedCritical vs non-criticalPlatform vs productSubscriptionsPrimary boundary for:- ownership & accountability- cost- RBAC- failure / blast radiusAzure Policy + InitiativesUse for:-denynon-negotiables-modifybaselines-auditvisibilityAnti-pattern: audit-only everywhereRBAC ModelRules that scale:- groups-only assignments- least privilege by default- avoid subscription-wide humans- time-bound elevation for prod- review drift as debtStandardsMake cost & ops tractable:- tagging (owner, costCenter, domain, env)- naming- allowed regions/SKUs- lifecycle (expiration, cleanup)Landing Zones (Baseline)What 'good' looks like by default:- network baseline- logging/diagnostics routing- security baseline- deployment boundariesTeams & WorkloadsAutonomous squadsOwn runtime outcomeswithin guardrailsCI/CD + IaCDeploy without human approvalsas long as compliant(guardrails replace gates)RuntimeServices, data, networkLive production behaviorunder stressPolicy signals- denies (hard stop)- violations trendRate > countExceptions with expiryCost signals- drift vs baseline- anomalies- spend by owner/domain(not just by subscription)Access signals- role assignment growth- privilege creep- emergency access permanenceFriction signalsEarly warning:- bypass requests- platform pulled into delivery- 'temporary' exceptions- political cost reviewsRefine constraints- tighten deny/modify- reduce exception surface- standardize initiativesReshape boundaries- MG regrouping- subscription strategy changes- new domains / re-orgsClarify ownership- budgets & accountability- incident/runbook ownership- lifecycle enforcementSubscription strategy is irreversible debt if wrong.Choose subscriptions to match:- ownership (who answers)- cost (who pays)- blast radius (what breaks together)Policy types-deny: prevent non-negotiables-modify: enforce baselines automatically-audit: visibility (not control)Audit-only governance = *theater*.If governance is felt daily, it is likely misdesigned:- too many gates- unclear ownership- exception process without expirydefine global constraintsdefine accountability principlesdefine prod readiness baselinepartition control domainsallocate ownership + isolationinherit + enforcescope permissionsensure attribution & consistencyapply baseline postureallowed space (enforced)permitted actions (bounded)predictable automation inputscompliant deployments by defaultship changes continuouslydeploy within constraintsviolations / deniesconsumption / spendaccess driftbypass pressuretune enforcementimprove attributionreduce privilege creepredesign boundariesupdate initiativesreshape hierarchyenforce owners/budgetsMental model-Decisions flow downward: intent → structure → constraints → execution-Constraints flow upward: signals → drift → adjustment- Goal: maximize team autonomywithin enforced boundariesplantuml-src bLXXRnkv4Vs-lu98WOkai-8cTnSK1dg0epYkK3iAB2T10mC7QfTQiLwHUoHNYgueq4_z0KL_uVsIlY6v4dTjnsw0mFQI70vdthnvf9Ek4kpqjyO8TgutmYYkSi5-_zT_MPOzP-E7_c7iaxGDhvXhb5GbMsh353T6RrdDIs6_kTZUIbLpmzTimVFRqkX65HDTmOGpN5aC2UMIMNR52xtrs_3AYcJ4BysrKSAmbw-JWHg6uSVSxN0-8tB7LLcbAmknv4tbtcdbtlErO5FbXBaxVYs-kjDAbceDbrWbbgbVftJUwvNCRvMmbhryyQe_64xrXzV-NvOwthh4_f4nzaQRGfZkv7ycivLszqpya_-7YPdJDNEQBRHp6gvBiYwrUYo5bpWJKhZMXQZOu5RKZkLwZT2v8xQIvMfiSN1U3RzffXAbK4K8pMYKcXoDiZ4RZTwAN5fuOzco0ZoGIRNbfXYDJfX4q17Mt__z7sQTQN97EAI_Sam75Z1k_T_YgyWRVoIoE4b6lSscRYq6ZyEYmiXbCCwBlpVMKGgn_bppweIj-LUvbhy9vWG2p1kdbLxlO7mhtKeg9XGWdOi2GGN4k972uZmuQJZlOw5zEMGpKxO772YjnagKsac-g8JzTaGZTjcpQ6GQZRpl6Nd6k6KNV_J0EE3fsPKecuexRNPf66_Kc4chCO0eOlgl3L124V4Zl2caumjPIRT3i6koHXFzOC4Tnmeh2w7o7Jl6xwKtqi0BxyJq_VKlLsVdNJycsZh6ynpnQqsJDQGVnLhZ_rQRsqhpWhukcg8KBWasVSnNt9I2EEBOhlIMVWd8scywcSslkxlEODcx3XJs3o9LJcTmmGUxaZLzhOqkcZo6XHVIr_A2Mr7XLvemlvZvGrUoZL2Dem6gUpTc7-PKXj-6nAjX9DgLX8icN-tOOBiI-50Uc9VNTIMV392zoRySJ7v-o6I0oyi-NAu5fZbsfRMxKPTIoJKYLrPwWHyT_0puHik2hGJVK0Gg2IpGNi7mrMpMoyGbLt3Iy-OvUBg62HIkCxe21wnXrB91DBEeEB1Y4Fp63czKH32ARsCPbOvfFy24aKxcy2qEvV7l6_K1Cr2pQng9EVMUNVPmEMyM5glg28iF1YT6hKJexQYLdUo1IY1Xtzq3unmGe9zNRqudz7F9PKMPEEuSnZim__ZcSNJyC6Jd3KWCqGPz3L82F50HuXuF-KI0zAoUjPOIyn4Nh_gu2C3w41BqFKW8SKOfRQWqFrgn3zDeX9BQZKQint5X3EKgbpJQ5bJyxWa7dpTe3MrGJvMJuvexD69r4YXfh5K5GWAMTxvKlAyVPXVJoTzwf8Sqi4lY1i27U8cv5NVC0Xd2krbw20PxtDhOqRqtbQ24rKPk994xXJbsVq-D7lKs0Sru2nPXgsRD0wqukHPZ3nycAh4934k2Y5184upOIB6D_GW7ACGYG9Eyxe4Jlm251GnVyblXOGRywTgIDiAqHJoFusL9YcZWONha9qu4YPYZM5v70CvcI7CLNsEgFqo5Tedy1mQtn_E_VWmXa4kHxt9uC01foi2WC8hGgAOE49bVl-twUW5NoOKl6cbbWpSnmzZoCyN-UQbryPnLMjzQR72R1jOVGGb7BQ33jPNsnpek92yLZYHpIoBFHVyjP80X1axN5AAkzCuJpQ5_15H_URpmVXooirPTiC5U282UACi7Wq-ikAwvwHqhmQyVxh8mNria-dFiYSZAQN15DvRPNnl_QRQbhgi8S0n1WLYZUegAfTmNkj_Z-kpqSjxhoDFZoLkgPGxAUkkZncWnJ0KuKwymUWC1TQDWejB8BdwIA4JpKwY7mM4NM0OReS6KOEPuiCbqqWF9LN3tHis5sSXSs2El9uxQxD-e2t1AseGNOiKtKfiRXQ119e2eq953lNnyVpszF7iygJyDsJmgmGwL9chnYVbCBJsWEsDEV-pdD79dbAG1gKfIgK3NW5AWsdrvuh11bb6DGrk2mH1HzZFpFUT6dNtDHUXMFblCL-WkrEJq_9VxwD1hhtHZJpsRhgxXG1UlejQoDQbuLAZda-D08SWthXwCn3CDfIGutEz_LuETvZbfg6H_D7sHq2wnyTQjWlfgQJStGdX11iq0sKTIamT3a7G09xw8_QPtcVETaG4_-stFk07P8qDqG_MCizZLSCAhNs43-RSDbTLDLO4PaLoDF5MIUWvDUEx4kjPGLxldY7oR2RyK-GrQnBDqO7cxT_7TrNHoFPszVnojhy4P6rsr5BI_h3oLSx0-kRmdfauJKm6aFzszBIm1X_vDmU7sXqi70NPt77fuQ6GeKd480n1Xbg003w3OkUXE9GzYmMzxzcbsyUdiNgHU2TpkQz5J_fVdrAAePRV4dq2F6045KkxeWg3Ai49HWusoaiJwM9koi_drxCEiLoGLzblkkhU1S16nzsg-zlvm30vUeArrLnvwQ1Hi5FVKWzdd9s3XRRmU8_JXsXoOXjeos4IwRqCYNiJOc6xPuv-zAcSdr7KfoNTLVTPUeXvOqOq15Ij2K4DUPV7Qyy0welDxRbDPvgUrQv3b4rPpuwHFQzwz7MINXtD0GcCggPUSgF4WpRy_N6gpZ6QrAmBM6BqnG3XAXvanBPrfNZUUG2TgO91uHbh_Lj6P1EM3EK9PKiJGfqOkGe5zvsCfhIEswYov-4B-ukPra2hjhJ7Bec_jND-fu_58dDcQkkgWbVt3p3lPd-sTTNH9udbe3WDVGxI076xdKqkcwQXT6VIZV-rO1vagLTq01d2tDt_VynDvPHC5bsN1aTuodvHObZwXKZLGCDKkynFsOG-Dt0DcBqEawa3paKBvw7ilMmfH-8U1_wTCsktt2TwtKNYKjEFZsB7lNU3BviIxtAm3CHs7Ddhlz8YqsD9yG-w5C6qQc1cRLKtgnyCcyR9TqY5Mh76Dwj1FjdUqjm9SHBMn9hdNmNIsz_MXFM8Jw3NkhEDzRornRrWfg3idP9zbNVFZfawBjwaBglUadsIfoJ3RquY9VMJ_k98b9mtp0ed4w4GEEOvy_oWje_hHf22KuoitFScIadlgCwb_mZNKLfbU-YU1qMX-RrEJbabZwCwBgp6gbMwBJ2xPra2ElnYDiibAQpYJjaHBpxyewNnragKl5uFjIaFdsIt-7cRXrI9yhFdEVqbVAsW45xS5YFkMB28muCuXlNgI-rdl4B6TZqPHwBfTxHz93sy2ddOs9FXwZmDP-ZPmoCd-aM1FKL1Nu8xanU0aUJ9WNft6jZ7CijF3aq7o_lLdDi8n45ipUl7GKJfwRRfCboCTIr611d7dsHqnT18PhhFO1TqY85eK57UdAGbg5sv4-D0eka6RGqBmxI2UK7kU2zehMD3rhOl_0m00?>Azure GovernanceAzure Governance1) Org Intent (Non-negotiables)2) Azure Hierarchy (Where governance applies)3) Guardrails (Enforced constraints)4) Execution (Inside boundaries)5) Signals (Constraints flow upward)6) Governance Evolution (Adjustments)Regulatory constraints- isolation requirements- auditability expectations- data residency / region rulesCost accountability- owner per workload- budget boundaries- chargeback/showback modelOperational expectations- incident ownership- production readiness baseline- SLO / reliability postureTenant RootMinimal global constraints(avoid heavy policy here)Management GroupsControl domains (policy blast radius)Regulated vs non-regulatedCritical vs non-criticalPlatform vs productSubscriptionsPrimary boundary for:- ownership & accountability- cost- RBAC- failure / blast radiusAzure Policy + InitiativesUse for:-denynon-negotiables-modifybaselines-auditvisibilityAnti-pattern: audit-only everywhereRBAC ModelRules that scale:- groups-only assignments- least privilege by default- avoid subscription-wide humans- time-bound elevation for prod- review drift as debtStandardsMake cost & ops tractable:- tagging (owner, costCenter, domain, env)- naming- allowed regions/SKUs- lifecycle (expiration, cleanup)Landing Zones (Baseline)What 'good' looks like by default:- network baseline- logging/diagnostics routing- security baseline- deployment boundariesTeams & WorkloadsAutonomous squadsOwn runtime outcomeswithin guardrailsCI/CD + IaCDeploy without human approvalsas long as compliant(guardrails replace gates)RuntimeServices, data, networkLive production behaviorunder stressPolicy signals- denies (hard stop)- violations trendRate > countExceptions with expiryCost signals- drift vs baseline- anomalies- spend by owner/domain(not just by subscription)Access signals- role assignment growth- privilege creep- emergency access permanenceFriction signalsEarly warning:- bypass requests- platform pulled into delivery- 'temporary' exceptions- political cost reviewsRefine constraints- tighten deny/modify- reduce exception surface- standardize initiativesReshape boundaries- MG regrouping- subscription strategy changes- new domains / re-orgsClarify ownership- budgets & accountability- incident/runbook ownership- lifecycle enforcementSubscription strategy is irreversible debt if wrong.Choose subscriptions to match:- ownership (who answers)- cost (who pays)- blast radius (what breaks together)Policy types-deny: prevent non-negotiables-modify: enforce baselines automatically-audit: visibility (not control)Audit-only governance = *theater*.If governance is felt daily, it is likely misdesigned:- too many gates- unclear ownership- exception process without expirydefine global constraintsdefine accountability principlesdefine prod readiness baselinepartition control domainsallocate ownership + isolationinherit + enforcescope permissionsensure attribution & consistencyapply baseline postureallowed space (enforced)permitted actions (bounded)predictable automation inputscompliant deployments by defaultship changes continuouslydeploy within constraintsviolations / deniesconsumption / spendaccess driftbypass pressuretune enforcementimprove attributionreduce privilege creepredesign boundariesupdate initiativesreshape hierarchyenforce owners/budgetsMental model-Decisions flow downward: intent → structure → constraints → execution-Constraints flow upward: signals → drift → adjustment- Goal: maximize team autonomywithin enforced boundariesplantuml-src bLXXRnkv4Vs-lu98WOkai-8cTnSK1dg0epYkK3iAB2T10mC7QfTQiLwHUoHNYgueq4_z0KL_uVsIlY6v4dTjnsw0mFQI70vdthnvf9Ek4kpqjyO8TgutmYYkSi5-_zT_MPOzP-E7_c7iaxGDhvXhb5GbMsh353T6RrdDIs6_kTZUIbLpmzTimVFRqkX65HDTmOGpN5aC2UMIMNR52xtrs_3AYcJ4BysrKSAmbw-JWHg6uSVSxN0-8tB7LLcbAmknv4tbtcdbtlErO5FbXBaxVYs-kjDAbceDbrWbbgbVftJUwvNCRvMmbhryyQe_64xrXzV-NvOwthh4_f4nzaQRGfZkv7ycivLszqpya_-7YPdJDNEQBRHp6gvBiYwrUYo5bpWJKhZMXQZOu5RKZkLwZT2v8xQIvMfiSN1U3RzffXAbK4K8pMYKcXoDiZ4RZTwAN5fuOzco0ZoGIRNbfXYDJfX4q17Mt__z7sQTQN97EAI_Sam75Z1k_T_YgyWRVoIoE4b6lSscRYq6ZyEYmiXbCCwBlpVMKGgn_bppweIj-LUvbhy9vWG2p1kdbLxlO7mhtKeg9XGWdOi2GGN4k972uZmuQJZlOw5zEMGpKxO772YjnagKsac-g8JzTaGZTjcpQ6GQZRpl6Nd6k6KNV_J0EE3fsPKecuexRNPf66_Kc4chCO0eOlgl3L124V4Zl2caumjPIRT3i6koHXFzOC4Tnmeh2w7o7Jl6xwKtqi0BxyJq_VKlLsVdNJycsZh6ynpnQqsJDQGVnLhZ_rQRsqhpWhukcg8KBWasVSnNt9I2EEBOhlIMVWd8scywcSslkxlEODcx3XJs3o9LJcTmmGUxaZLzhOqkcZo6XHVIr_A2Mr7XLvemlvZvGrUoZL2Dem6gUpTc7-PKXj-6nAjX9DgLX8icN-tOOBiI-50Uc9VNTIMV392zoRySJ7v-o6I0oyi-NAu5fZbsfRMxKPTIoJKYLrPwWHyT_0puHik2hGJVK0Gg2IpGNi7mrMpMoyGbLt3Iy-OvUBg62HIkCxe21wnXrB91DBEeEB1Y4Fp63czKH32ARsCPbOvfFy24aKxcy2qEvV7l6_K1Cr2pQng9EVMUNVPmEMyM5glg28iF1YT6hKJexQYLdUo1IY1Xtzq3unmGe9zNRqudz7F9PKMPEEuSnZim__ZcSNJyC6Jd3KWCqGPz3L82F50HuXuF-KI0zAoUjPOIyn4Nh_gu2C3w41BqFKW8SKOfRQWqFrgn3zDeX9BQZKQint5X3EKgbpJQ5bJyxWa7dpTe3MrGJvMJuvexD69r4YXfh5K5GWAMTxvKlAyVPXVJoTzwf8Sqi4lY1i27U8cv5NVC0Xd2krbw20PxtDhOqRqtbQ24rKPk994xXJbsVq-D7lKs0Sru2nPXgsRD0wqukHPZ3nycAh4934k2Y5184upOIB6D_GW7ACGYG9Eyxe4Jlm251GnVyblXOGRywTgIDiAqHJoFusL9YcZWONha9qu4YPYZM5v70CvcI7CLNsEgFqo5Tedy1mQtn_E_VWmXa4kHxt9uC01foi2WC8hGgAOE49bVl-twUW5NoOKl6cbbWpSnmzZoCyN-UQbryPnLMjzQR72R1jOVGGb7BQ33jPNsnpek92yLZYHpIoBFHVyjP80X1axN5AAkzCuJpQ5_15H_URpmVXooirPTiC5U282UACi7Wq-ikAwvwHqhmQyVxh8mNria-dFiYSZAQN15DvRPNnl_QRQbhgi8S0n1WLYZUegAfTmNkj_Z-kpqSjxhoDFZoLkgPGxAUkkZncWnJ0KuKwymUWC1TQDWejB8BdwIA4JpKwY7mM4NM0OReS6KOEPuiCbqqWF9LN3tHis5sSXSs2El9uxQxD-e2t1AseGNOiKtKfiRXQ119e2eq953lNnyVpszF7iygJyDsJmgmGwL9chnYVbCBJsWEsDEV-pdD79dbAG1gKfIgK3NW5AWsdrvuh11bb6DGrk2mH1HzZFpFUT6dNtDHUXMFblCL-WkrEJq_9VxwD1hhtHZJpsRhgxXG1UlejQoDQbuLAZda-D08SWthXwCn3CDfIGutEz_LuETvZbfg6H_D7sHq2wnyTQjWlfgQJStGdX11iq0sKTIamT3a7G09xw8_QPtcVETaG4_-stFk07P8qDqG_MCizZLSCAhNs43-RSDbTLDLO4PaLoDF5MIUWvDUEx4kjPGLxldY7oR2RyK-GrQnBDqO7cxT_7TrNHoFPszVnojhy4P6rsr5BI_h3oLSx0-kRmdfauJKm6aFzszBIm1X_vDmU7sXqi70NPt77fuQ6GeKd480n1Xbg003w3OkUXE9GzYmMzxzcbsyUdiNgHU2TpkQz5J_fVdrAAePRV4dq2F6045KkxeWg3Ai49HWusoaiJwM9koi_drxCEiLoGLzblkkhU1S16nzsg-zlvm30vUeArrLnvwQ1Hi5FVKWzdd9s3XRRmU8_JXsXoOXjeos4IwRqCYNiJOc6xPuv-zAcSdr7KfoNTLVTPUeXvOqOq15Ij2K4DUPV7Qyy0welDxRbDPvgUrQv3b4rPpuwHFQzwz7MINXtD0GcCggPUSgF4WpRy_N6gpZ6QrAmBM6BqnG3XAXvanBPrfNZUUG2TgO91uHbh_Lj6P1EM3EK9PKiJGfqOkGe5zvsCfhIEswYov-4B-ukPra2hjhJ7Bec_jND-fu_58dDcQkkgWbVt3p3lPd-sTTNH9udbe3WDVGxI076xdKqkcwQXT6VIZV-rO1vagLTq01d2tDt_VynDvPHC5bsN1aTuodvHObZwXKZLGCDKkynFsOG-Dt0DcBqEawa3paKBvw7ilMmfH-8U1_wTCsktt2TwtKNYKjEFZsB7lNU3BviIxtAm3CHs7Ddhlz8YqsD9yG-w5C6qQc1cRLKtgnyCcyR9TqY5Mh76Dwj1FjdUqjm9SHBMn9hdNmNIsz_MXFM8Jw3NkhEDzRornRrWfg3idP9zbNVFZfawBjwaBglUadsIfoJ3RquY9VMJ_k98b9mtp0ed4w4GEEOvy_oWje_hHf22KuoitFScIadlgCwb_mZNKLfbU-YU1qMX-RrEJbabZwCwBgp6gbMwBJ2xPra2ElnYDiibAQpYJjaHBpxyewNnragKl5uFjIaFdsIt-7cRXrI9yhFdEVqbVAsW45xS5YFkMB28muCuXlNgI-rdl4B6TZqPHwBfTxHz93sy2ddOs9FXwZmDP-ZPmoCd-aM1FKL1Nu8xanU0aUJ9WNft6jZ7CijF3aq7o_lLdDi8n45ipUl7GKJfwRRfCboCTIr611d7dsHqnT18PhhFO1TqY85eK57UdAGbg5sv4-D0eka6RGqBmxI2UK7kU2zehMD3rhOl_0m00?>