Organize your Azure resources

Organizing your cloud-based resources is critical to securing, managing, and tracking the costs related to your workloads. To organize your resources, define a management group hierarchy, follow a well-considered naming convention, and apply resource tagging.

Azure provides four levels of management scope: management groups, subscriptions, resource groups, and resources. The following image shows the relationship of these levels.

Diagram that shows the relationship of management hierarchy levels

  • Management groups: These groups are containers that help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
  • Subscriptions: A subscription logically associates user accounts and the resources that were created by those user accounts. Each subscription has limits or quotas on the amount of resources you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
  • Resource groups: A resource group is a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
  • Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.

Scope of management settings

You can apply management settings, like policies and role-based access controls, at any of the management levels. The level you select determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, when you apply a policy to a subscription, that policy is also applied to all resource groups and resources in that subscription.

Usually, it makes sense to apply critical settings at higher levels and project-specific requirements at lower levels. For example, you might want to make sure all resources for your organization are deployed to certain regions. To do that, apply a policy to the subscription that specifies the allowed locations. As other users in your organization add new resource groups and resources, the allowed locations are automatically enforced. Learn more about policies in the governance, security, and compliance section of this guide.

If you have only a few subscriptions, it's relatively simple to manage them independently. If the number of subscriptions you use increases, consider creating a management group hierarchy to simplify the management of your subscriptions and resources. For more information, see Organize and manage your Azure subscriptions.

As you plan your compliance strategy, work with people in your organization with these roles: security and compliance, IT administration, enterprise architecture, networking, finance, and procurement.

Create a management level

You can create a management group, additional subscriptions, or resource groups.

Create a management group

Create a management group to help you manage access, policy, and compliance for multiple subscriptions.

  1. Go to Management groups.
  2. Select Add management group.

Create a subscription

Use subscriptions to manage costs and resources that are created by users, teams, or projects.

  1. Go to Subscriptions.
  2. Select Add.

Create a resource group

Create a resource group to hold resources like web apps, databases, and storage accounts that share the same lifecycle, permissions, and policies.

  1. Go to Resource groups.
  2. Select Add.
  3. Select the Subscription that you want your resource group created under.
  4. Enter a name for the Resource group.
  5. Select a Region for the resource group location.

Learn more

To learn more, see:

Actions

Create a management group:

Create a management group to help you manage access, policy, and compliance for multiple subscriptions.

  1. Go to Management groups.
  2. Select Add management group.

Create an additional subscription:

Use subscriptions to manage costs and resources that are created by users, teams, or projects.

  1. Go to Subscriptions.
  2. Select Add.

Create a resource group:

Create a resource group to hold resources like web apps, databases, and storage accounts that share the same lifecycle, permissions, and policies.

  1. Go to Resource groups.
  2. Select Add.
  3. Select the Subscription that you want your resource group created under.
  4. Enter a name for the Resource group.
  5. Select a Region for the resource group location.