You may have several subscriptions for your Azure portal.
Organization, Private account, and other azure subscriptions. So it’s bit
confused to handle multiple subscriptions together. So azure has given a
solution to that by introducing Azure Management Groups, which users can manage
your multiple subscriptions in a single place.
This cool feature enables users to apply governance controlling
as Role Based Access Controls as well as like Azure Policies. You can create a
management group by adding your subscriptions and apply rules and governance
policies to the group and will be inherited to those subscriptions.
There can be many type of subscriptions like Certified Solution
Partner, Enterprise Agreement, Pay-As-You-Go and other types as well. To use
this feature, customer need to pay no additional cost even if it’s come to
large scale service.
The best thing about this new feature is user can apply policy
or RBAC to multiple subscriptions. Also users can group other management groups
even. So users can manage their subscriptions as well as other management
groups from one place.
How it Works
The above image shown, that users can group
several subscriptions and add the policy or RBAC.
Ex: Let’s say User need to apply a security
policy to “Infrastructure Team management group”. Eventually that policy will
be inherit to parent EA Subscription. So all the VMs will controlled according
to that policy. But subscription or resource owner cannot alter this policy to
allowing improved governance.
Any other benefits?
Once it comes to workload users can reduce it
as well as the risk of error. If there are duplicate assignments, there will be
a risk of having errors. But with managed groups, users can apply multiple
assignments throughout any number of resources and subscription. So there won’t
be a duplicate risk and errors.
Ex: One assignment will be on one management
group where it will contain the target resource. Will save the time in
application of assignments, since it creates a point to maintenance. This can
be allowing for better control which who can control the assignment.
Another benefit which users can gain is User
access management. Users can easily add user access controls by adding relevant
subscriptions to the privileged managed group. Since users can create RBAC
assignments, those access will be inherited to chosen subscriptions under
management group. No need of script running any more. Just add your
subscriptions to the managed group and assign RBAC assignment.
The new and Existing services will be benefitted with Azure
managed groups and will be more functional.
Get started with Azure Portal
Head in to Azure
managed groups to enable feature.
Image Source: https://azure.microsoft.com/es-es/blog/azure-management-groups-now-in-general-availability/
No comments:
Post a Comment