AZ-900: Describe Management Groups

Azure Management Groups help organizations manage governance at scale. They allow you to apply access controls, enforce policies, and ensure compliance across multiple Azure subscriptions.

What Is a Management Group?

A management group is a logical container that sits above subscriptions in the Azure hierarchy. It is designed for centralized management of multiple subscriptions. You can:

  • Group subscriptions based on business units, environments, or geographic locations.
  • Apply rules that automatically affect everything within the group.

How Do Management Groups Work?

Management groups help enforce consistent policies:

  • You can create a policy that restricts all subscriptions in a group to specific actions or regions. For example, you could limit virtual machines to only be deployed in East US.
  • Access control (RBAC) can be set at the management group level. All underlying subscriptions and resources inherit these settings. For more on RBAC, see #topic 38#.

This inheritance ensures consistent compliance across your cloud environment. For broader policy management, see also #topic 47# and #topic 46#.

Hierarchical Structure

Management groups follow a tree-like structure:

  • The hierarchy begins at the Root management group.
  • Each group can contain subscriptions and other management groups.
  • You can nest management groups up to six levels deep.
  • Each subscription or management group can belong to only one parent.

This design helps organize large enterprises that use multiple subscriptions for different projects or teams. For more on Azure’s organizational structure, see AZ-900: Describe the hierarchy of resource groups, subscriptions, and management groups.

Subscriptions and Management Groups

While subscriptions focus on billing and usage control, management groups focus on governance and structure.

Together, they enable fine-grained control of your Azure estate. With this hierarchy, you can ensure policies are applied consistently without having to configure each subscription individually.

Conclusion

Management groups are powerful tools for organizations with many subscriptions. They provide a scalable way to manage access, enforce rules, and maintain compliance from the top down.

Want to see how to structure your Azure environment at scale? Explore it with us in the AZ-900 video course at https://idodata.com/az-900-microsoft-azure-fundamentals/. Or please go back to our list of AZ-900 requirements.

Please click here to find out more about Microsoft’s AZ-900 exam.

author avatar
Datablog

Leave a Reply

Your email address will not be published. Required fields are marked *