Open in app

Sign in

Write

Sign in

Azure Management Groups and Building Compliance

CloudClarity
2 min readJul 15, 2021

--

Stop yourself from feeling overwhelmed by the time-consuming manual management of your Azure costs and usage.

Management groups are the central mechanism that permits the application of restrictions throughout Azure subscriptions, tenants and resource groups.

When a restriction is applied at the management groups level, it enforces this restriction to the child objects below this management group.

Table of Contents:

1. Management Group Planning

2. Tenant Root Groups

3. Management Group Governance

1. Management Group Planning

Say an organisation has already defined a set of Management Groups

Admins can define policies and restrictions on the Tenant Root Group (top level) for the connected branches (Dev and Test Group, Production Group), in addition to each of their separate subscription. You don’t necessarily need to define anything, but it’s very useful to be able to go back to your original plan to alter specific settings.

So, Management Groups are intended for more efficient administration of multiple Azure subscriptions.

2. Tenant Root Groups

Every Azure AD tenant contains a Management Group referred to as Tenant Root Group. This can be seen through the Azure Portal by opening the tab called Management Groups.

By going into Details and then selecting Rename Group, you can make alterations to the name of this group. However, if you want to add a new Management Group, select the Add Management Group button.

Keep in mind that the Management Group ID cannot contain any spaces, however, the Management Group display name can be chosen with less restrictions.

The Management Group will be empty upon creation, so you must put Azure subscriptions into this group either by allocating a subscription or by moving an existing one from another Management Group.

3. Management Group Governance

Now that a Management Group has been set up with a subscription, you can use this Management Group to review activity through Azure Activity Logs. The same strategy can be used to create monitoring and security solutions for anything within a specific Management Group.

To better govern your Azure subscription with best practices, explore our CloudClarity app: https://portal.cloudclarity.app/

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Cloud
Azure
Cloud Compliance
Cloud Governance
Cloudclarity

--

--

CloudClarity
CloudClarity

Written by CloudClarity

9 Followers
2 Following

Blog for CloudClarity, Manage, audit and tag your Azure bill like never before portal.cloudclarity.app

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams