Resources are like individual items (virtual machines, databases, etc.) and are organised into resource groups.
Subscriptions can hold multiple resource groups, used for access control, billing separation, and organisation.
Management groups categorise and managing subscriptions at a wider scale. Usually only large companies (think global companies with hundreds of departments and offices) would use management groups.
Azure has opened a whole new world of services to us, letting us create virtual machines, storage blobs, virtual networks and more in the cloud.
Hmmm... once we're creating heaps and heaps of these, how do we keep things organised?
Azure has a system that's like a well-organised library, where everything has its place. Let's break it down in simple terms.
Everything you create with Azure is a resource. These resources can be virtual machines, databases, storage accounts, and anything else you create! They're like the basic building blocks of Azure.
Now, if we think of resources as books, a resource group is the single shelf you use to put together resources. Let's look at the key facts for resource groups:
Aside from the handy organising that resource groups do for us, they also save us time:
Now, let's talk about subscriptions. If resource groups are single shelves, think of subscriptions as bookshelves that contain multiple rows of shelves inside.
Yup, that means subscriptions organise resource groups. Every Azure account needs to have at least one subscription to use Azure. When you apply rules or settings to a subscription, you're applying it to all the resource groups inside it too.
With multiple subscriptions, you can set different rules for each. Subscriptions are really helpful when it comes to billing and access management.
The final piece of the puzzle is management groups. If subscriptions were bookshelves, think of management groups as entire sections of a library.
Now, you might think: aren't subscriptions enough? That is definitely the case for individuals and even smaller businesses that are managing smaller-scale projects. After all, not all of us need entire aisles of bookshelves at home!
But imagine if you’re dealing with multiple applications, multiple development teams, in multiple geographies. Think of management groups as the top level for the big companies that need it. This is similar to libraries being a unique case - they simply have so many books that it's necessary to divide their space into subscriptions.
When you apply rules or settings to a management group, you're applying it to all the subscriptions inside it too.
Management groups work super similarly to subscriptions, they're simply at a wider scale now.
A funky thing about management groups is that they can be nested to help with organisation. Here is an example of creating a hierarchy by using management groups.
Here is a summary of Azure's management infrastructure: