Azure Management Infrastructure
Azure offers a comprehensive array of services and tools for building, deploying, and managing cloud-based applications and infrastructure. However, understanding the intricate hierarchy and relationships between Azure's foundational components can be a challenging task. To simplify this understanding, let's delve into Azure's organizational structure, exploring the roles and interdependencies of Azure Accounts, Management Groups, Subscriptions, Resource Groups, and Resources.
Azure Account: The Gateway to the Cloud
An Azure Account serves as the primary entry point to the Azure ecosystem, providing a centralized platform for managing and accessing Azure resources. Each Azure Account is associated with a single Azure Active Directory (Azure AD) tenant, which acts as the identity and access management hub for the account.
Management Groups: Organizing Subscriptions for Unified Management
Management Groups introduce a layer of organization above subscriptions, enabling administrators to group multiple subscriptions together and apply policies, set quotas, and manage access controls across the entire group. This hierarchical structure simplifies management of a large Azure estate, ensuring consistency and compliance across various organizational units.
Subscriptions: The Billing and Resource Management Boundary
Subscriptions represent the fundamental unit of billing and resource management in Azure. Each subscription holds a unique identifier and is associated with a specific Azure Account. Resources deployed within a subscription are billed to the associated Azure Account.
Resource Groups: Logical Groupings of Related Resources
Resource Groups serve as containers for related Azure resources, providing a logical way to organize, manage, and deploy resources that share common characteristics, such as function, lifecycle, or ownership. Each resource group is tied to a particular subscription and serves as a boundary within that subscription to manage and organize resources. Resources within a Resource Group can be deployed and deleted together.
Resources: The Building Blocks of Cloud Infrastructure
Resources represent the core components of Azure infrastructure, encompassing virtual machines, storage accounts, networks, and other cloud-based services. Resources are deployed within Resource Groups and are managed, controlled, and accessed through Azure's management tools and APIs.
Policies, role-based access control (RBAC), and budgets are each applied at a scope: a management group, a subscription, or a resource group. A lower-level scope inherits its parent's policies, RBAC, and budgets. For example, if a policy is applied at a management group, all subscriptions and resource groups within that management group inherit that policy.
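The inheritance rule above is what an access review has to account for: a role granted high in the hierarchy reaches every scope beneath it. The following added example (not from the original page) resolves which RBAC assignments are effective at a scope by walking up its ancestors; the hierarchy, IDs, principals and helper names are constructed for illustration, and it models RBAC only.

```python
# Constructed sample data: names, IDs and assignments below are illustrative.
MG = "/providers/Microsoft.Management/managementGroups/"

# Parent of each management group (None marks the root) and of each subscription.
MG_PARENT = {"root-mg": None, "corp-mg": "root-mg"}
SUB_PARENT = {"00000000-0000-0000-0000-000000000001": "corp-mg"}

ASSIGNMENTS = [
    {"principal": "platform-admins", "role": "Owner", "scope": MG + "root-mg"},
    {"principal": "sec-readers", "role": "Reader", "scope": MG + "corp-mg"},
    {"principal": "app-team", "role": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/app-rg"},
    {"principal": "other-team", "role": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/other-rg"},
]


def scope_chain(scope):
    """Return the scope followed by every ancestor scope, nearest first."""
    parts = scope.strip("/").split("/")
    chain = []
    if parts[0].lower() == "subscriptions":
        sub_id = parts[1]
        if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
            chain.append(f"/subscriptions/{sub_id}/resourceGroups/{parts[3]}")
        chain.append(f"/subscriptions/{sub_id}")
        mg = SUB_PARENT.get(sub_id)
    elif scope.lower().startswith(MG.lower()):
        mg = parts[-1]
    else:
        raise ValueError(f"unrecognised scope: {scope}")
    while mg is not None:  # walk up the management group tree to the root
        chain.append(MG + mg)
        mg = MG_PARENT.get(mg)
    return chain


def effective_assignments(scope):
    """List assignments that apply at `scope`, marking the inherited ones."""
    chain = [s.lower() for s in scope_chain(scope)]
    result = []
    for a in ASSIGNMENTS:
        if a["scope"].lower() in chain:
            depth = chain.index(a["scope"].lower())
            result.append((a["principal"], a["role"], "direct" if depth == 0 else "inherited"))
    return result
```

Calling `effective_assignments` on the `app-rg` resource group scope shows the Owner role granted at the root management group alongside the resource group's own direct assignment, while the sibling `other-rg` assignment does not appear.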