Azure - barialim/architecture GitHub Wiki

Azure Management Groups and Hierarchy

Azure provides four levels of management scope: management groups, subscriptions, resource groups, and resources. The following image shows the relationship of these levels.

Azure Management scope

Sourced from https://github.com/barialim/architecture/blob/master/azure-management-scope.png

Management Groups: These groups are containers that help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
Subscription: A Subscription in Azure is a logical container into which any number of resources (Virtual Machines, Web Apps, Storage Accounts, etc) can be deployed.
- As noted above, a Subscription is only ever associated with a single Azure AD Tenant at any time, though it is possible to grant users outside of this Tenant access.
- Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
Resource Groups: A resource group is a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
Resource: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.