AZ-104 - Governance and Compliance - Using management groups

What are Azure management groups?

Management groups

Define management groups
Understanding hierarchy
Scoping

Managing subscriptions

Organize and manage subscriptions by logically grouping them into management groups

Organizational hierarchy
Provides another scope for enforcing governance and compliance

Parent-child relationships

Root management group is the top level
Management groups and subscriptions can have a single parent
Supports six levels of hierarchy

Compliance Support

Azure Policies
Azure role-based access control (RBAC)

Next diagram shows how to represent an organizational hierarchy by having a Root management group, under root we have a subscription for EA, a Marketing management group and an IT management group.

The Marketing group also have 2 child subscriptions under the marketing management group and IT has another management group as a child management group.

This helps identify the hierarchy levels for our organization

All resources, permissions, etc will flow down in the hierarchy, for example if you give access to the root management group it will have access to IT, Marketing, etc it flow down in the hierarchy.

Illustration below shows 2 management groups under the main root Tenant group, we can access and add subscriptions or management groups inside an existing management group.

Here we can see the Parent management group for IManagementHTF its Tenant Root for HTF Organization since we created this management group inside our root

Root management group is not given by default

Root Management group cannot be moved or deleted

Azure RBAC is supported for management groups

Global Administrators must be elevated to User Access Administrator of root group

Azure Entra ID Mindmap

Azure Youtube Videos

AZ-104 - Administration - Azure Resource Manager

AZ-104 - Administration - Azure Portal and Cloud Shell Basics

AZ-104 - Administration - Azure CLI and Powershell

AZ-104 - Administration - Azure ARM Templates

AZ-104 - Governance and Compliance - Managing Subscriptions

AZ-104 - Governance and Compliance - Using management groups

AZ-104 - Governance and Compliance - Understanding Azure Policy

AZ-104 - Governance and Compliance - Tagging Resources

AZ-104 - Governance and Compliance - LAB Add Remove Tags

AZ-104 - Governance and Compliance - Locking and Moving Resources

AZ-104 - Governance and Compliance - Managing Azure Costs

AZ-104 - Governance and Compliance - Building a cloud governance strategy wth Azure tooling

AZ-104 Azure Identity - Conceptualizing Entra ID (Azure Active Directory)

AZ-104 Azure Identity - Managing Tenants

AZ-104 Azure Identity - Creating and Managing Users

AZ-104 Azure Identity - LAB Create and Manage Microsoft Entra ID Users in the Portal

AZ-104 Azure Identity - LAB Perform Bulk Microsof Entra ID Operations in the Portal

AZ-104 Azure Identity - Creating and Managing Groups

AZ-104 Azure Identity - Creating Administrative Units

AZ-104 Azure Identity - Configuring SSPR (self serfice password reset)

AZ-104 Azure Identity - Azure Entra ID Device Management

AZ-104 Azure RBAC - Understanding Roles in Azure

AZ-104 Azure RBAC - Assigning access to resources

AZ-104 Azure RBAC - LAB Using service Principal Identity to List AD Roles

AZ-104 Azure RBAC - Creating custom roles

AZ-104 Azure - Storage Accounts

AZ-104 Azure - Conceptualizing Azure Blog Storage

AZ-104 Azure - Configuring blob object replication

AZ-104 Azure - Configuring Blob Lifecycle Management

AZ-104 - Governance and Compliance - Using management groups

What are Azure management groups?

Management groups

Managing subscriptions

No Comments