You’re offline. This is a read only version of the page.
Skip to main content
Power Platform
Cancel
Forums
Copilot Studio
Power Apps
Power Automate
Power Pages
Blogs
User groups + events
Galleries
Ideas
Copilot Studio
Power Apps
Power Automate
Power Pages
Resources
Community help
Community support
News
Learn
Feedback
Search
Notifications
Announcements
Welcome to the Power Platform Communities
Welcome to the Power Platform Communities
Power Platform Community
/
Blogs
/
Power Apps Community Blog
/
What are Azure Management G...
What are Azure Management Groups?
AkhileshKhoday
Follow
Like
(
0
)
Share
Report
Azure has four management levels that help you organize, secure, manage, and monitor costs.
So, this image shows the four levels of management scope and the relationship.
Management group is at the top of the hierarchy. All subscriptions in a management group automatically inherit the conditions or settings specified at a management group level. So, a management group is like a container for all your subscriptions.
As subscriptions there can also be multiple management groups in an organization.
For example, if organization we want to allow azure resources to be created only in the South India azure region.
To achieve this, Create a policy at the Management Group Level.
This policy is then automatically applied to all management groups and subscriptions that come from the IT management group.
The security policy is applicable to all resources under those subscriptions and cannot be modified in any way by the inheritance.
So, obviously governance becomes much easier.
Create a management group
:
Open the
Azure Portal
You can create the Managment Group from the More Service, or you could search the resource
Click on the Managment Groups then click on create.
Fill the Managment Group Id and Managment group display name and click on submit.
Note:
Management group ID Cannot be updated after creation.
You could see that the managment gorup is now created
Add the Subscription to Managment Group:
Open the Managment group and add the subscription to it by clicking on the Add subscription button
Add the Subscription to the management group and click on save button.
Now you could see that the Subscription is added to the management group
Add the Policy to the Management group:
Navigate to the Governance Blade, Click on the Policy
We will create the policy by clicking on the Assign Policy button
Fill the mandatory fields
Scope is your management group
You can provide the Exclusions, to which policies needs to be excluded ex: resource group, resources.
Policy Definition: To validate the resource group, resources.
I will select the Allowed location policy, for which the resource groups and resources under the subscription will follow the validation.
To select the Policy Definition, click on the 3 dots and search for the Allowed locations, then click add button.
Click on Next, In the Paraments Tab select the Allowed Locations, to which the user can create the resources or resource groups in the specific location only.
Click on Review + Create > Create
Now you could see that the Policy has been added to the Managment group.
Now the resources created under the management policy could be created in the South India location, if you try to create in other location, then it will show you the validation error.
Create a Storage Account
Now Let us try to create the storage account in the other region rather than South India, you can see that we are not able to create the storage account with the East US location.
Now Let us try to create the storage account in the South India Region, you can see that we are able to create the storage account with the South India location.
Conclusion:
Azure Management Groups provide a scalable way to manage multiple subscriptions, and policies can be applied at the group level for consistent governance.
Video Ref:
What are Azure Management Groups and Subscriptions
Comments
Add new comment
Comment on this blog post
You don't have the appropriate permissions.
Welcome,
Profile
Messages
My activity
Sign out