Azure Management Groups

Overview

Azure Management Groups provide a governance scope above subscriptions, allowing you to efficiently manage access, policies, and compliance for multiple Azure subscriptions. They help you organize your resources into a hierarchy for unified policy and access management, making it easier to apply governance controls at scale.

Core Functionality

Hierarchy Setup

• Root Management Group: Create a root management group at the top level of your hierarchy.
• Child Management Groups: Under the root, create child management groups for each business unit or department. Each child management group can contain further nested management groups or subscriptions.

Policy Application

• Azure Policies: Apply Azure Policies at the management group level to enforce governance rules across all subscriptions within the group.
• Governance Rules: For example, create a policy to restrict the regions where virtual machines can be created.

Access Management

• RBAC: Use Role-Based Access Control (RBAC) to assign roles and permissions at the management group level.
• Resource Access: Ensure users have the appropriate access to resources based on their roles within the organization.

Resource Organization

• Resource Groups: Organize resources within each subscription into resource groups.
• Structured Environment: Maintain a structured and organized environment for resource deployment and management.

Monitoring and Compliance

• Azure Monitor: Use Azure Monitor to track the performance and health of resources across all management groups.
• Azure Security Center: Ensure compliance with governance policies and track the security of resources.

References

provide links to knowledge sources. use this format for the links so they open in a new tab.

• Overview of Azure Management Groups
• Create and Manage Azure Management Groups
• Management Group Resource Hierarchy