Understanding Azure Resource Management Hierarchy

What is Azure Resource Management – or ARM?

ARM is the unified management layer used to create, delete or otherwise manage components in Azure. Regardless of the tooling used to configure something (Azure Portal, Azure PowerShell, Azure CLI, REST clients, …), the actual change is handled by the Azure Resource Manager, which processes the requests from all of these sources:

Resource Manager request model

Image source: https://docs.microsoft.com

What are the organizational scopes in Azure?

Nearly all components in Azure can be managed through any one of the following organizational constructs:

  • Resources
  • Resource Groups
  • Subscriptions
  • Management Groups

Resources are the workloads that you create and use in Azure. Virtual Machines, Virtual Networks, Network Security Groups, … are all examples of resources. Resources are the lowest scope that you can assign Role Assignments to. Resources inherit all Policies and Role Assignments that are created at a higher level.

Resource Groups are groups that contain one or more resources. All resources must belong to a resource group (and can only belong to a single resource group). You should only add resources to the same resource group if you manage (create, update, delete, …) them identically. Permissions or policies that are assigned at this level automatically trickle down to all underlying resources.

A subscription, as per Microsoft, is “an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption”.

A Management Group is the only entity described here that is able to work across subscriptions. As the Azure consumption in an organization grows, more and more subscriptions will be created. Management Groups can be used to centrally manage RBAC & Policies.

The following image describes the link between the aforementioned items with regards to RBAC and Policies:

Scope
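The inheritance described above can be checked mechanically. The following is an added example, not code from the original post: it walks an ARM resource ID up through its resource group, subscription and management groups and lists every role assignment that reaches the resource. All names, IDs and assignments are constructed sample data, and the example goes slightly beyond the text by handling nested management groups.

```python
import re

# Constructed sample data (assumptions, not from the original page).
MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"
MG_PARENT = {"mg-prod": "mg-root", "mg-root": None}   # child -> parent group
SUB_ID = "00000000-0000-0000-0000-000000000001"
SUB_TO_MG = {SUB_ID: "mg-prod"}                       # subscription placement
SUB = "/subscriptions/" + SUB_ID
VM = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1"
ASSIGNMENTS = [  # (scope, principal, role)
    (MG_PREFIX + "mg-root", "grp-secops", "Reader"),
    (SUB, "grp-platform", "Contributor"),
    (SUB + "/resourceGroups/rg-app", "alice", "Owner"),
    (SUB + "/resourceGroups/rg-other", "bob", "Owner"),
    (VM, "svc-backup", "Virtual Machine Contributor"),
]
ARM_ID = re.compile(
    r"^(/subscriptions/([^/]+))(/resourceGroups/[^/]+)?(/providers/.+)?$",
    re.IGNORECASE)

def scope_chain(resource_id):
    """Return every scope the ID inherits from, most specific first."""
    m = ARM_ID.match(resource_id.rstrip("/"))
    if not m:
        raise ValueError("not a subscription-level ARM ID: " + resource_id)
    sub_scope, sub_id, rg, res = m.groups()
    chain = []
    if res:                                # the resource itself
        chain.append(sub_scope + (rg or "") + res)
    if rg:                                 # its resource group
        chain.append(sub_scope + rg)
    chain.append(sub_scope)                # its subscription
    mg, seen = SUB_TO_MG.get(sub_id.lower()), set()
    while mg and mg not in seen:           # walk up, guarding against cycles
        seen.add(mg)
        chain.append(MG_PREFIX + mg)
        mg = MG_PARENT.get(mg)
    return chain

def effective_assignments(resource_id):
    """List (principal, role, assigned_at) for assignments reaching the ID."""
    chain = [s.lower() for s in scope_chain(resource_id)]  # ARM IDs ignore case
    hits = [(chain.index(s.lower()), p, r, s)
            for s, p, r in ASSIGNMENTS if s.lower() in chain]
    return [(p, r, s) for _, p, r, s in sorted(hits)]

if __name__ == "__main__":
    for principal, role, scope in effective_assignments(VM):
        print(f"{principal:12} {role:28} inherited from {scope}")
```

Reviewing the `assigned_at` column is the useful part for access reviews: a principal with no assignment on the resource itself can still hold rights on it through a subscription or management group scope.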
Jente Paredis

I am an experienced architect with a strong focus on Security, Identity & Productivity Solutions. I specialize in Azure AD, M365, and Azure Infrastructure Solutions. Throughout my professional career, I have had the pleasure to work with bright-minded people. I care deeply about both People and Technology.
