We're Hiring!
Take the next step in your career and work on diverse technology projects with cross-functional teams.
LEARN MORE
Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
8
30
2018

Azure Management Groups Simplify Subscription Administration

Last updated:
9.16.2020
No items found.
customer support icon
A Lunavian

Your trusted adviser for enterprise IT services: hybrid IT, cloud, digital transformation, data center, & consulting.

If your enterprise cloud environment has started to sprawl out beyond one or two Azure subscriptions, chances are you’ll need to implement some form of management and policy enforcement across your Enterprise Agreement to control costs and ensure compliance. Enter Azure Management Groups.

Management Groups can be used to apply conditions to subscriptions based on Azure regions, SKU sizes, server versions, resource type, and more. They work in conjunction with Azure Policy and Azure Role Based Access Controls (RBAC) and are similar to Active Directory in their setup and administration.

 

Management Group Hierarchies

When many departments or individuals each require different Azure subscriptions and they have the ability to deploy their own services and servers within their subscriptions, you need some way to enforce corporate Azure policy. A management group hierarchy spans from a root group down through branches for each relevant department or user.

Each group placed under another will inherit the policies of those above. A higher-level Management Group can set policies for those below it. Those below it can not change those policies. Each of these Management Group “trees” can run up to six levels beyond the Root level.

The Root group is built into the directory hierarchy and enables all global policies and RBAC assignments. New subscriptions are placed under the Root group when they are created and must be moved within the hierarchy.

Image sourced from Microsoft, Organize Your Resources with Azure Management Groups

 

Management Groups and RBAC

Azure Management Groups work in concert with Role Based Access Controls to assign resource access and role definitions according to the group directory.

You can assign the default RBAC roles of Owner, Contributor, Reader, and so forth to a Management Group. All Virtual Machines under that Management group will inherit the abilities of that Role. Custom RBAC is not currently supported within Management Groups.

This helps you control which subscriptions and users within your organization have which levels of control over their infrastructure. You can set Management Groups to have any combination over the creation, naming, movement, deletion, access control, policy assignments, and reading of Virtual Machines within a given Group.

For more on what RBAC can do, read What is role-based access control? 

 

Management Groups and Azure Policies

Azure Policies are configured to audit VMs based on disk type, size, name convention, tags with or without default values, locations, VM image source, encryption, diagnostics, network interfaces, network security groups, and much more

When you create a policy, you select the Management Group you wish to assign it to under the Policy definition page

 

For large scale Azure use across a variety of users and departments, Management Groups are an essential tool for administrators, enabling an easy way to implement a policy-based hierarchy for access control, security requirements, VM configuration compliance, and more. Consider implementing them if your subscription users have started to create VMs that are out-of-bounds in relation to your Azure use policies.

Recent Blog Posts

lunavi logo alternate white and yellow
BLOG
3.13.2025
3
.
12
.
2025
Unlocking the Power of Azure Managed Services with Lunavi

Cloud computing has become the backbone of modern business, offering agility, scalability, and cost efficiency. But managing cloud environments while keeping costs under control and security airtight? That’s a challenge. Azure Managed Services streamline cloud operations, helping businesses optimize spending, enhance security, and future-proof applications. Lunavi provides the expertise and tools to make it happen—so you can focus on growth instead of IT headaches.

Learn more
lunavi logo alternate white and yellow
BLOG
2.11.2025
2
.
7
.
2025
The Future of Test Automation: Key Trends Shaping 2025 and Beyond

Software testing has gone from a chore to a game-changer, thanks to automation. But in 2025, sticking to old methods means falling behind. Stay ahead by embracing the future of test automation—let’s explore the key trends shaping what’s next.

Learn more
lunavi logo alternate white and yellow
BLOG
2.11.2025
1
.
23
.
2025
The Importance of Cross Browser Testing

Making sure users have a smooth experience across all these platforms is crucial for businesses to stay competitive. Cross-browser testing is now a key part of modern development. It helps teams find and fix problems like layout issues, broken features, or slow performance before users are affected. Let’s look at why cross-browser testing matters and explore tools that make it easier to get the job done.

Learn more

How Can We Help You Navigate What's Next?

Let's work together to deliver the services, applications, and solutions that take your organization to the next level.

Get Started
Services
Company
Contact
© 2024 Lunavi, Inc. All Rights Reserved.
Privacy Policy | Acceptable Use