What are Azure Management Groups?

By

 

  • Azure has four management levels that help you organize, secure, manage, and monitor costs.
  • So, this image shows the four levels of management scope and the relationship.
  • Management group is at the top of the hierarchy. All subscriptions in a management group automatically inherit the conditions or settings specified at a management group level. So, a management group is like a container for all your subscriptions.
  • As subscriptions there can also be multiple management groups in an organization.
  • For example, if organization we want to allow azure resources to be created only in the South India azure region. 
  • To achieve this, Create a policy at the Management Group Level.
  • This policy is then automatically applied to all management groups and subscriptions that come from the IT management group.
  • The security policy is applicable to all resources under those subscriptions and cannot be modified in any way by the inheritance.
  • So, obviously governance becomes much easier.

Create a management group:

  • Open the Azure Portal
  • You can create the Managment Group from the More Service, or you could search the resource

  • Click on the Managment Groups then click on create.
  • Fill the Managment Group Id and Managment group display name and click on submit.
  • Note:  Management group ID Cannot be updated after creation.

  • You could see that the management group is now created

Add the Subscription to Managment Group:

  • Open the Management group and add the subscription to it by clicking on the Add subscription button
  • Add the Subscription to the management group and click on save button.

  • Now you could see that the Subscription is added to the management group

Add the Policy to the Management group:

  • Navigate to the Governance Blade, Click on the Policy

  • We will create the policy by clicking on the Assign Policy button

  • Fill the mandatory fields
    • Scope is your management group
    • You can provide the Exclusions, to which policies needs to be excluded ex: resource group, resources.
    • Policy Definition: To validate the resource group, resources.
    • I will select the Allowed location policy, for which the resource groups and resources under the subscription will follow the validation.
    • To select the Policy Definition, click on the 3 dots and search for the Allowed locations, then click add button.

  • Click on Next, In the Paraments Tab select the Allowed Locations, to which the user can create the resources or resource groups in the specific location only.
  • Click on Review + Create > Create

  • Now you could see that the Policy has been added to the Managment group.
  • Now the resources created under the management policy could be created in the South India location, if you try to create in other location, then it will show you the validation error.

Create a Storage Account

  • Now Let us try to create the storage account in the other region rather than South India, you can see that we are not able to create the storage account with the East US location.

  • Now Let us try to create the storage account in the South India Region, you can see that we are able to create the storage account with the South India location.

Conclusion:

Azure Management Groups provide a scalable way to manage multiple subscriptions, and policies can be applied at the group level for consistent governance.































Location: Hyderabad, Telangana, India

Comments

Post a Comment

Popular posts from this blog

What is Microsoft Entra ID and How does Licensing Works?

By
What is Microsoft Entra ID ? Microsoft Entra ID is a service in the cloud that helps your employees log in to and use resources outside your organization. Examples of these resources are Microsoft 365, the Azure portal, and many other software services available online. Microsoft Entra ID also helps employees access internal resources, such as apps on your company’s intranet and any cloud apps created specifically for your organization. Who uses Microsoft Entra ID ? Microsoft Entra ID offers various benefits to your organization's members depending on their roles: IT Administrators : Manage and secure access to resources. Employees : Access both internal and external applications. Developers : Build and integrate apps with secure access features. Security Professionals : Monitor and enforce security policies. We can perform the below options Add or delete users. Restore users. Add or change user profile information. Reset or change a user’s password. Self-service password reset. As...
Read more

What are Azure Resources and Resource Groups

By
Image
we’ll understand what are azure resources and resource groups. First, let’s understand, what are azure resources? Azure Resource Think of resources in Azure as individual pieces or instances of the services you use. Just like how you might have different appliances or gadgets in your home for various tasks, each Azure resource serves a specific purpose, such as storing data, running applications, or managing networks. like virtual machines, app services, storage accounts, SQL databases, function apps, etc. All these are azure services. So, every time you create an instance of a service, you are creating an azure resource.  Azure offers a huge variety of services. You can see the complete list of services by navigating to this URL.  https://portal.azure.com/#allservices Azure Resource Group : It’s a logical container for grouping related azure resources. A resource group is a group of azure res...
Read more

What are Azure Resource Group Benefits?

By
Image
Before staring, please check this article What Are Azure Resources and Resource Groups? Benefits:  The main benefits are administration is much easier. Let's understand this with an example.   Consider a virtual machine. When we create a virtual machine in azure, several other associated resources are automatically created like the following - a disk for the virtual machine, public IP address, network interface, network security group and a virtual network. Without these resources, an azure virtual machine doesn’t work as expected. After you're done with the VM, you may want to delete it to save on cost.  However, when you delete the virtual machine, the associated resources are not automatically deleted. You have to delete them manually. If you forget to delete one or more associated resources, you are unnecessarily paying for those resources that you're not actually using. ·          Now, let's quickly take ...
Read more