Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.
You can add governance rules, such as Azure Policy and Role-Based Access Controls (RBAC), to the management groups and arrange your subscriptions using management groups. The controls applied to a management group are automatically inherited by all subscriptions within that management group. This solution offers all Azure clients enterprise-grade administration at a big scale for no extra cost, regardless of whether you have an Enterprise Agreement, Certified Solution Partner, Pay-As-You-Go, or any other type of subscription.
With the general availability of this service, we add additional functionality to Azure that enables users to bundle subscriptions together in order to apply a policy or RBAC role to a number of subscriptions’ resources with only one assignment. In addition to grouping subscribers, management groups let you arrange them in a hierarchy by combining them with other management groups. The diagram that follows provides an illustration of how management groups can be used to build a hierarchy for governance.
You can enable internal compliance and security policies by setting up a hierarchy in this way and applying a policy to the group “Infrastructure Team management group,” for example, VM locations limited to US West Region. This policy will apply to all VMs under both of the EA subscriptions that management group manages and will inherit onto both of those subscriptions. The fact that this security policy is inherited by subscribers from the management group and cannot be changed by the owner of the resource makes for better governance.
By eliminating duplicate assignments, management groups help you cut back on your workload and lower the possibility of errors. Applying a single assignment to a single management group that comprises the target resources is preferable than applying several assignments across numerous resources and subscriptions. This shortens the application process for assignments, creates a single point for upkeep, and enables better control over who can manage the assignment.
We will combine new and current services to offer even more capability as we continue to develop management groups within Azure.
Begin right away
Visit the management group papers to get started and discover the fantastic functionality you can use right away. Go directly to management groups in the Azure portal and choose “Start utilising management groups” to launch your new hierarchy if you’d want to get started right away.