What are Azure management groups?
Azure management groups provide a governance scope above subscriptions, allowing efficient management of access, policies, and compliance across multiple Azure subscriptions.
How do management groups affect governance conditions?
Governance conditions applied to a management group cascade by inheritance to all associated subscriptions.
What is required for subscriptions within a management group?
All subscriptions within a single management group must trust the same Microsoft Entra tenant.
What can be applied to a management group to control VM creation?
A policy can be applied to limit the regions available for virtual machine (VM) creation.
What is the maximum depth of a management group tree?
A management group tree can support up to six levels of depth.
What is the role of the root management group?
The root management group allows for the application of global policies and Azure role assignments at the directory level.
What is the display name of the root management group by default?
The default display name is ‘Tenant root group’.
Can the root management group be moved or deleted?
No, the root management group cannot be moved or deleted.
What happens during the initial setup of management groups?
The root management group is created, and all existing subscriptions become children of this root management group.
What is Azure RBAC in the context of management groups?
Azure RBAC supports resource access and role definitions, allowing permissions to be inherited down the hierarchy from management groups.
How can management groups be audited?
Management groups can be audited using Azure Monitor activity logs.
What are some key considerations when using subscriptions?
Subscriptions serve as boundaries for Azure Policy assignments, management boundaries for governance, and can support isolation of workloads.
What is the purpose of establishing separate platform subscriptions?
Separate platform subscriptions can support management, connectivity, and identity when required.
What is subscription vending?
Subscription vending is the process of automating the creation of subscriptions for application teams via a request workflow.
What are the benefits of subscription vending?
- Streamlined process for requesting subscriptions
- Improved velocity for application teams
- Efficient governance over application landing zones
What is a critical aspect of managing costs in large Azure environments?
Establishing a chargeback model for better distribution of costs across the organization.
What should be included in the requirements gathered at subscription intake?
- Anticipated budgets
- Subscription owners
- Networking expectations
- Business criticality & confidentiality classification
Fill in the blank: Every directory has a single top-level management group called the _______.
root management group
True or False: All Azure customers can manage the root management group.
False
What is a key recommendation for subscription management?
Treat subscriptions as a unit of management that aligns with your business needs and priorities.
What should be done to ensure policy compliance in subscriptions?
Perform regular access reviews and remediate when necessary.
What is the initial step in the subscription deployment pipeline?
Gather requirements at intake.
What information should be included in subscription requirements?
- Anticipated budgets
- Subscription owners
- Networking expectations
- Business criticality & confidentiality classification
Who assumes control of the subscription request process after submission?
The platform team.
