Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

2.2.2. 💡 First Principle: Subscriptions and Management Groups

First Principle: Azure's management hierarchy provides a structured way to organize, govern, and control cloud resources at scale. Its core purpose is to enable consistent policy enforcement, centralized management, and clear billing boundaries.

What It Is: This refers to the logical containers used to manage access, policies, and costs across an Azure environment.

  • Azure Subscriptions: A Subscription is a logical container for your resources and a boundary for billing. All resources must be deployed into a subscription.
    • Use Case: Often used to separate environments (dev, test, prod), departments, or projects for billing and access control purposes.
  • Management Groups: Management Groups are containers for managing access, policy, and compliance across multiple subscriptions.
    • Use Case: An enterprise can create a management group hierarchy to apply governance policies (e.g., restricting which regions resources can be deployed to) across all their subscriptions efficiently.

Scenario: A large enterprise has multiple departments, each with its own IT budget and projects. The central IT team needs to enforce a global security policy across all departments but wants to allow each department to manage its own costs.

Reflection Question: How does the use of Management Groups (for global policies) and Subscriptions (for departmental billing and access) allow this enterprise to achieve both centralized governance and decentralized management?

💡 Tip: The hierarchy is: Management Groups -> Subscriptions -> Resource Groups -> Resources. Policies and access rights applied at a higher level are inherited by the levels below.
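
The inheritance rule in the tip, applied to the enterprise scenario, as an added example that is not part of the original material. It is a simplified model and does not call Azure: all scope names, principals and regions are constructed, a region policy is assumed to be a deny-style rule that every inherited assignment must pass, and policy exemptions and exclusions are not modelled.

```python
# Constructed hierarchy; each scope maps to its parent (None = root group).
PARENT = {
    "mg:root": None,
    "mg:finance": "mg:root",
    "mg:engineering": "mg:root",
    "sub:finance-prod": "mg:finance",
    "sub:eng-dev": "mg:engineering",
    "rg:web": "sub:eng-dev",
}

# Allowed-region policy assigned directly at a scope (constructed values).
REGION_POLICY = {
    "mg:root": {"westeurope", "northeurope"},   # central IT's global rule
    "sub:eng-dev": {"westeurope"},              # department tightens it
}

# Role assignments made directly at a scope: (principal, role).
ROLE_ASSIGNMENTS = {
    "mg:root": {("central-it", "Security Admin")},
    "sub:finance-prod": {("finance-ops", "Contributor")},
    "sub:eng-dev": {("eng-ops", "Contributor")},
}

def ancestry(scope):
    """Return the chain of scopes from the root down to `scope`."""
    chain = []
    while scope is not None:
        chain.append(scope)
        scope = PARENT[scope]  # KeyError on an unknown scope is intentional
    return chain[::-1]

def effective_roles(scope):
    """Union of role assignments inherited from every ancestor scope."""
    roles = set()
    for s in ancestry(scope):
        roles |= ROLE_ASSIGNMENTS.get(s, set())
    return roles

def allowed_regions(scope):
    """Regions passing every inherited region policy (None = unrestricted)."""
    allowed = None
    for s in ancestry(scope):
        if s in REGION_POLICY:
            allowed = REGION_POLICY[s] if allowed is None else allowed & REGION_POLICY[s]
    return allowed

def can_deploy(scope, region):
    regions = allowed_regions(scope)
    return regions is None or region in regions
```

Note what the model makes visible for access reviews: a role granted at the root management group shows up in the effective access of every resource group, while a subscription-level grant stays inside that department.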