If your organization has multiple Azure subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. This can be accomplished through Management Groups. Through Management Groups, you can: (1) group subscriptions allowing for new organizational models and single assignment of controls that apply to all subscriptions. (2) create a flexible hierarchy that can be updated quickly and can easily scale up or down depending on the needs of the organization, and (3) use Azure Resource Manager to integrate with other Azure services like Policy, Cost Management, Blue Prints, and Security Center.
In this simple example, using Management Groups, we have created an organizational hierarchy. Starting at the corporate level, we have created two management groups – one for the Marketing team and one for the IT team. Within the IT group, we have established two additional management groups – one for the Infrastructure Team and the Application team. Using Role-Based Access Control, we are limiting the Marketing Team’s access to the Dev/Test subscription, the Infrastructure Team to the EA subscription, and the Application Team to the Pay-As-You-Go subscription.
In that example, we applied each principle of Azure Management Groups – Grouping subscriptions together, creating an organizational hierarchy, and applying controls and access to other Azure services. In our next blog post, we will cover Azure Policies and Initiatives.
Learn more about Azure Management Groups in our Azure Governance mini video series!