RG2("Resource Group: DB-Prod") S2 --> RG3("Resource Group: WebApp-Dev") S3 -->... - AZ-204: Developing Solutions for Microsoft Azure study guide by MindMesh Academy." />
Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

1.3.2. šŸ’” First Principle: Subscriptions

First Principle: An Azure Subscription defines a billing boundary and a security scope for resources, serving as the fundamental unit for organizing and managing Azure cloud usage and costs.

What It Is: A "Subscription" is a logical container for your Azure services and a billing unit. All Azure resources must belong to a subscription.

Key Concepts:
  • "Billing Boundary": Usage and costs are aggregated at the "subscription level", making it a key unit for cost management and chargeback.
  • "Security Scope": "Role-Based Access Control (RBAC)" permissions can be applied at the "subscription level", and these permissions are inherited by all Resource Groups and resources within that subscription.
  • "Resource Deployment Boundary": All Azure resources must be deployed within a subscription.
  • "Linked to Entra ID": Each subscription is linked to a single "Entra ID" (formerly Azure Active Directory) tenant, which manages user identities and access.
Visual: Azure "Subscription" Structure
Loading diagram...

Scenario: Your development team needs a separate Azure environment for testing new features, completely isolated from your production environment. You also need to track the costs incurred by the development team independently.

Reflection Question: How does using multiple Azure Subscriptions for different environments or departments fundamentally simplify cost management and enhance security isolation compared to developing everything within a single, monolithic subscription?

šŸ’” Tip: For enterprise cloud adoption, plan your subscription strategy early. It provides a natural boundary for billing, compliance, and access control.