Creating an Azure Resource Hierarchy involves organizing your resources across different levels to ensure logical grouping, governance, and ease of management.
The hierarchy structure typically follows the flow of Management Groups → Subscriptions → Resource Groups → Resources, allowing you to apply Role-Based Access Control (RBAC), Azure Policies, and Cost Management at various levels.
Here’s how you can create and manage your Azure Resource Hierarchy step by step:
1. Creating an Azure Management Group
Management Groups are used to manage multiple subscriptions, and they are the top level in the Azure hierarchy.
You can create nested management groups to organize resources logically for large organizations.
Steps to Create a Management Group:
Access the Azure Portal:
Go to the Azure Portal.
Navigate to Management Groups:
In the left-hand menu, search for and select "Management Groups".
Create a Management Group:
Click on "+ Add Management Group" at the top of the Management Groups page.
Enter a management group ID (a unique name).
Choose the parent management group (if applicable) or leave it as the root management group.
Click Create.
Apply Policies and RBAC (optional):
Once your management group is created, you can apply Azure Policy and Role-Based Access Control (RBAC) permissions to manage access and governance at this level.
Note:
You can have up to six levels of nesting for management groups.
The Root Management Group is automatically created for each Microsoft Entra tenant, and it’s where all other management groups and subscriptions reside.
2. Creating an Azure Subscription
Once you have your management groups in place, the next level is to create Azure subscriptions.
Subscriptions are where all your resources live and are linked to billing accounts.
Steps to Create a Subscription:
Access the Azure Portal:
Go to the Azure Portal.
Navigate to Subscriptions:
In the left-hand menu, search for and select "Subscriptions".
Create a New Subscription:
Click on "+ Add" at the top of the Subscriptions page.
Choose a subscription offer (e.g., Pay-As-You-Go, Enterprise Agreement, etc.).
Select a billing account and directory (if applicable).
Follow the prompts to complete the creation of the subscription.
Link to Management Group (optional):
After the subscription is created, you can link it to a management group.
In the Subscriptions pane, select the newly created subscription.
In the Management Group section, click "Move" and select the desired management group to associate the subscription with.
Note:
Subscriptions represent billing boundaries and also define the scope for resource quotas, access control, and compliance policies.
You can have multiple subscriptions in a single Microsoft Entra tenant.
3. Creating Resource Groups
Resource Groups are containers that hold related resources for a project or workload.
They allow you to manage resources that share the same lifecycle and can be managed as a unit.
Steps to Create a Resource Group:
Access the Azure Portal:
Go to the Azure Portal.
Navigate to Resource Groups:
In the left-hand menu, search for and select "Resource Groups".
Create a New Resource Group:
Click on "+ Add" at the top of the Resource Groups page.
Enter a name for the resource group.
Select the region for the resource group.
The region you select is where the metadata for the resource group is stored (though resources within the group can be in different regions).
Click Create.
Apply Tags, RBAC, and Policies (optional):
You can add tags for resource organization (e.g., Environment, Owner, CostCenter).
You can apply RBAC and Azure Policies to the resource group to define access and enforce governance.
Note:
A resource group should reflect a logical unit of resources that share a lifecycle (e.g., all resources related to a web app or a virtual network).
You can organize resources by project, team, environment (e.g., dev, test, prod), or department.
4. Creating Resources Within Resource Groups
Resources are the individual services you deploy in Azure (e.g., Virtual Machines, Storage Accounts, Databases).
These are deployed into Resource Groups.
Steps to Create Resources:
Access the Azure Portal:
Go to the Azure Portal.
Navigate to Resources:
In the left-hand menu, search for and select the specific resource type you want to create, such as Virtual Machine, Storage Account, or SQL Database.
Create the Resource:
Click on "+ Add" to start creating the resource.
Fill in the required details, including:
Resource Group: Select an existing resource group or create a new one.
Region: Choose a region for the resource.
Resource-specific configuration options (e.g., VM size, network configuration, storage type).
Configure Resource-specific Settings (optional):
Configure monitoring, security, access control (RBAC), and other settings as needed for the resource.
Deploy the Resource:
Once all configurations are set, click Review + Create and then Create.
Note:
Resources can be anything from virtual machines, storage accounts, and databases to networking components (like Virtual Networks or Load Balancers).
Resources within a resource group can span multiple regions, but the resource group itself is tied to a region for metadata purposes.
5. Organizing Azure Resources Using Tags
Tags are key-value pairs that you can assign to Azure resources to help organize and categorize them.
Tags can be applied to Management Groups, Subscriptions, Resource Groups, and Resources.
Steps to Create and Assign Tags:
Access the Azure Portal:
Go to the Azure Portal.
Navigate to the Resource (or Resource Group/Subscription):
You can assign tags at different levels of the hierarchy (management group, subscription, resource group, or individual resource).
Assign Tags:
In the Overview tab of the selected resource, click "Tags".
Add key-value pairs (e.g., Environment: Production, CostCenter: Marketing).
Click Save.
Note:
Tags help in organizing resources for cost management, billing, and reporting.
Use consistent naming conventions for tags (e.g., Environment, Project, Owner).
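An added example (not from the original article) of auditing the tags described above. The inventory and the allowed-value list are constructed, and the check reflects two Azure behaviors: tag names are matched case-insensitively while tag values are case-sensitive, and a resource does not inherit tags from its resource group.

```python
REQUIRED = ("Environment", "Owner", "CostCenter")  # tag keys the article uses as examples
ALLOWED = {"environment": {"Production", "Test", "Dev"}}  # assumed allowed values

# Constructed inventory: names and tags are made up for illustration.
INVENTORY = [
    {"id": "rg-web", "type": "resourceGroup",
     "tags": {"Environment": "Production", "Owner": "web-team", "CostCenter": "Marketing"}},
    {"id": "rg-web/web01", "type": "virtualMachine", "tags": {}},
    {"id": "rg-web/stweb", "type": "storageAccount",
     "tags": {"environment": "production", "Owner": "web-team", "Cost Center": "Marketing"}},
]


def audit_tags(item):
    """Return a list of findings for one item; an empty list means compliant."""
    # Azure treats tag names as case-insensitive, so compare keys lower-cased.
    tags = {k.lower(): v for k, v in (item.get("tags") or {}).items()}
    findings = []
    for key in REQUIRED:
        value = tags.get(key.lower())
        if value is None:
            findings.append(f"missing {key}")
        elif key.lower() in ALLOWED and value not in ALLOWED[key.lower()]:
            # Tag values are case-sensitive: "production" is not "Production".
            findings.append(f"{key}={value!r} not in allowed values")
    return findings


def audit(inventory):
    """Audit each item on its own tags only; nothing is inherited from its resource group."""
    return {i["id"]: f for i in inventory if (f := audit_tags(i))}


if __name__ == "__main__":
    for item_id, findings in audit(INVENTORY).items():
        print(item_id, "->", "; ".join(findings))
```

The virtual machine is flagged even though its resource group carries all three tags, which is the gap a tagging policy at a higher scope is meant to close.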
6. Setting Up Governance Using Policies
Azure provides tools such as Azure Policy to enforce rules and regulations at the management group, subscription, and resource group levels.
Steps to Create and Assign Policies:
Access the Azure Portal:
Go to the Azure Portal.
Navigate to Azure Policy:
In the left-hand menu, search for and select "Azure Policy".
Create a New Policy Assignment:
Click "+ Assign Policy".
Select the Scope (management group, subscription, or resource group).
Choose the Policy Definition that fits your governance needs (e.g., restrict specific resource types or enforce tagging rules).
Configure parameters and assign the policy.
Note:
Azure Policies help maintain governance across your environment by enforcing compliance rules and standards for your resources.
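To see how assignments made at the upper levels reach a single resource, the added example below (not part of the original article) walks a resource ID up through its resource group, subscription and nested management groups and collects every RBAC or policy assignment on the way. The tenant layout, IDs and assignment names are constructed, and policy exclusions and deny assignments are not modeled.

```python
# Constructed sample tenant: every ID, name and assignment here is made up.
SUB = "00000000-0000-0000-0000-000000000001"
MG = "/providers/Microsoft.Management/managementGroups/"
MG_PARENT = {"mg-root": None, "mg-platform": "mg-root", "mg-prod": "mg-platform"}
SUB_PARENT = {SUB: "mg-prod"}  # subscription -> management group it was moved into

ASSIGNMENTS = [  # (kind, what, scope it was assigned at)
    ("policy", "require-environment-tag", MG + "mg-root"),
    ("rbac", "Reader: secops", MG + "mg-platform"),
    ("rbac", "Contributor: web-team", f"/subscriptions/{SUB}/resourceGroups/rg-web"),
    ("rbac", "Owner: db-admins", f"/subscriptions/{SUB}/resourceGroups/rg-db"),
]


def scope_chain(resource_id):
    """List every scope containing resource_id, narrowest first, ending at the root MG."""
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError("expected an ID starting with /subscriptions/<id>")
    sub = parts[1].lower()
    chain = [f"/subscriptions/{sub}"]
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        chain.insert(0, f"/subscriptions/{sub}/resourceGroups/{parts[3]}")
        if len(parts) > 4:  # anything after the resource group is the resource itself
            chain.insert(0, "/" + "/".join(parts))
    mg = SUB_PARENT.get(sub)
    while mg is not None:  # walk up the nested management groups
        chain.append(MG + mg)
        mg = MG_PARENT[mg]
    return chain


def effective_assignments(resource_id):
    """Assignments that apply to resource_id, including those inherited from above."""
    chain = {scope.lower() for scope in scope_chain(resource_id)}  # IDs are case-insensitive
    return [a for a in ASSIGNMENTS if a[2].lower() in chain]


if __name__ == "__main__":
    vm = f"/subscriptions/{SUB}/resourceGroups/rg-web/providers/Microsoft.Compute/virtualMachines/web01"
    for kind, what, scope in effective_assignments(vm):
        print(f"{kind:6} {what:24} from {scope}")
```

A role granted at a management group shows up on every resource beneath it, so reviewing access at the resource group alone misses what is inherited.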
Conclusion
Creating and managing an Azure Resource Hierarchy is fundamental for organizing your cloud resources, ensuring effective governance, and optimizing costs.
By following these steps, you can set up a well-structured hierarchy that includes Management Groups, Subscriptions, Resource Groups, and Resources.
You can also enhance management with features like tags, RBAC, Azure Policies, and monitoring tools to ensure compliance, security, and efficient resource utilization.
By adhering to best practices and using the Azure management tools effectively, you can ensure that your resources are well-organized, secure, and compliant with your organization’s policies.