Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

2.1.4.2. Manage Azure Subscriptions

šŸ’” First Principle: An Azure Subscription serves as the fundamental unit for billing, resource organization, and access control, defining a clear boundary for deploying resources, applying policies, and managing costs.

Scenario: Your organization is expanding its use of Azure. Different departments need their own environments, and costs need to be tracked per department. Security policies for production environments should be stricter than for development.

What It Is: An Azure Subscription defines a billing boundary and a security scope for resources.

Subscription Types:
  • Pay-As-You-Go: Flexible, billed monthly based on actual usage.
  • Enterprise Agreement (EA): For large organizations, with negotiated pricing and consolidated billing.
  • Free Account: Limited credits for trial or learning.

Relationship with Entra ID: Each subscription is linked to a single Microsoft Entra ID (Entra ID) tenant, which manages user identities, groups, and access permissions. This connection enables centralized identity and access management.

Managing Subscriptions:

āš ļø Common Pitfall: Using a single subscription for all workloads in a large enterprise. This leads to a lack of isolation, complex billing, and difficulty in applying granular governance policies.

Key Trade-Offs:
  • Isolation (Multiple Subscriptions) vs. Management Simplicity (Single Subscription): While a single subscription is easier to manage initially, multiple subscriptions provide better security, governance, and cost accountability for larger organizations.

Reflection Question: How does managing Azure Subscriptions as core units for billing and security fundamentally enable structuring cloud usage, applying policies, and controlling costs at an organizational level?