Management Groups in Azure
Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply your governance conditions to the management groups.
In this lecture, the focus is on Management Groups in Azure and their role in organizing and governing multiple Azure subscriptions. The core concept is that Management Groups provide a level above subscriptions, allowing for the centralized management of access, policies, and compliance. By organizing subscriptions into these Management Groups, governance conditions can be applied just once to the group, and all contained subscriptions will inherit these conditions. This structure simplifies management tasks and enforces governance at scale.
An example given to illustrate the utility of Management Groups is limiting VM deployment to specific regions. By setting a policy at the Management Group level, this restriction is automatically enforced across all subscriptions within the group, eliminating the need to configure each subscription individually.
Additionally, the lecture highlights the use of Management Groups for streamlining access management, where a single Role-Based Access Control (RBAC) assignment on a Management Group can grant appropriate access across multiple subscriptions. This is especially useful for admins who need broad access without the need for repetitive, individual subscription assignments.
Key limitations and structural rules are also covered: a single Azure directory can support a maximum of 10,000 Management Groups, a Management Group tree can be up to six levels deep (excluding the root and subscription levels), and each Management Group and subscription can have only one parent but potentially many children.
Finally, the importance of understanding that all subscriptions within a Management Group must trust the same Azure Active Directory (Azure AD) tenant is underscored. To aid with exam preparation, students are reminded to review the hierarchical structure of Management Groups as depicted in the provided image, emphasizing the importance of familiarity with Azure’s management hierarchy for effective use of Management Groups in real-world scenarios and for exam success.