Azure Architecture

In Azure, each service (e.g., VM, SQL Server, App Service, etc.) is called a resource. The architecture that handles these resources is split into four levels:

Management Groups

  • Management groups are used to manage multiple subscriptions

  • There can be a single top-level management group (root) for each directory in Azure

  • All subscriptions inherit the roles and conditions applied to the management group

Subscriptions

  • An Azure subscription is a logical unit of Azure services that links to an Azure account

  • An Entra ID Directory may have multiple subscriptions, but each subscription can only trust a single directory

  • An Azure role applied at the subscription level applies to all the resources within the subscription

Resource Groups

  • A resource group acts as a container for resources

  • A resource group has its own Identity and Access Management settings for providing role-based access

  • An Azure role applied to the resource group is applied to all the resources within the group

Resources

  • A resource is a deployable item in Azure, such as a VM, App Service, Storage Account, etc.

  • All resources must be inside a resource group and can only belong to a single resource group
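
The inheritance across the four levels above, as an added example that is not part of the original page: given a resource ID, it lists every role assignment that reaches the resource and the level it was inherited from, which is the view needed when auditing who can touch a resource. The scope strings follow Azure's resource ID format; the function names are hypothetical, and the subscription-to-management-group map, principals and assignments are constructed sample data.

```python
# Added example; every ID, name and assignment below is constructed sample data.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
ROOT_MG = "/providers/Microsoft.Management/managementGroups/root-mg"
VM = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1"

# Assumed input: subscription -> its management groups, nearest first.
MG_CHAIN = {SUB: [ROOT_MG]}

ASSIGNMENTS = [
    {"principal": "alice", "role": "Reader", "scope": ROOT_MG},
    {"principal": "bob", "role": "Contributor", "scope": SUB},
    {"principal": "carol", "role": "Owner", "scope": SUB + "/resourceGroups/rg-app"},
    {"principal": "dave", "role": "Owner", "scope": SUB + "/resourceGroups/rg-data"},
    {"principal": "erin", "role": "Reader", "scope": VM},
]


def norm(scope):
    """Normalise a scope string; Azure resource IDs compare case-insensitively."""
    return scope.rstrip("/").lower()


def ancestor_scopes(resource_id, mg_chain):
    """Return [(level, scope)] from the resource up to the top management group."""
    parts = norm(resource_id).strip("/").split("/")
    if len(parts) <= 4 or parts[0] != "subscriptions" or parts[2] != "resourcegroups":
        raise ValueError("a resource must sit inside exactly one resource group")
    sub, rg = "/" + "/".join(parts[:2]), "/" + "/".join(parts[:4])
    scopes = [("resource", "/" + "/".join(parts)), ("resource group", rg), ("subscription", sub)]
    chain = {norm(k): v for k, v in mg_chain.items()}
    scopes += [("management group", norm(mg)) for mg in chain.get(sub, [])]
    return scopes


def effective_assignments(resource_id, assignments, mg_chain):
    """List (principal, role, level) for every assignment that applies to the resource."""
    result = []
    for level, scope in ancestor_scopes(resource_id, mg_chain):
        for a in assignments:
            if norm(a["scope"]) == scope:
                result.append((a["principal"], a["role"], level))
    return result


if __name__ == "__main__":
    for row in effective_assignments(VM, ASSIGNMENTS, MG_CHAIN):
        print(row)
```

An assignment on a sibling resource group (dave on rg-data) does not reach vm1, while assignments at the subscription and management group levels do.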
