You may have several subscriptions for your Azure portal. Organization, Private account, and other azure subscriptions. So it’s bit confused to handle multiple subscriptions together. So azure has given a solution to that by introducing Azure Management Groups, which users can manage your multiple subscriptions in a single place.
This cool feature enables users to apply governance controlling as Role Based Access Controls as well as like Azure Policies. You can create a management group by adding your subscriptions and apply rules and governance policies to the group and will be inherited to those subscriptions.
There can be many type of subscriptions like Certified Solution Partner, Enterprise Agreement, Pay-As-You-Go and other types as well. To use this feature, customer need to pay no additional cost even if it’s come to large scale service.
The best thing about this new feature is user can apply policy or RBAC to multiple subscriptions. Also users can group other management groups even. So users can manage their subscriptions as well as other management groups from one place.
How it Works
The above image shown, that users can group several subscriptions and add the policy or RBAC.
Ex: Let’s say User need to apply a security policy to “Infrastructure Team management group”. Eventually that policy will be inherit to parent EA Subscription. So all the VMs will controlled according to that policy. But subscription or resource owner cannot alter this policy to allowing improved governance.
Any other benefits?
Once it comes to workload users can reduce it as well as the risk of error. If there are duplicate assignments, there will be a risk of having errors. But with managed groups, users can apply multiple assignments throughout any number of resources and subscription. So there won’t be a duplicate risk and errors.
Ex: One assignment will be on one management group where it will contain the target resource. Will save the time in application of assignments, since it creates a point to maintenance. This can be allowing for better control which who can control the assignment.
Another benefit which users can gain is User access management. Users can easily add user access controls by adding relevant subscriptions to the privileged managed group. Since users can create RBAC assignments, those access will be inherited to chosen subscriptions under management group. No need of script running any more. Just add your subscriptions to the managed group and assign RBAC assignment.
The new and Existing services will be benefitted with Azure managed groups and will be more functional.
Get started with Azure Portal
Head in to Azure managed groups
Image Source: https://azure.microsoft.com/es-es/blog/azure-management-groups-now-in-general-availability/