- Article
- 7 minutes to read
Organize your cloud-based resources to secure, manage, and track the costs associated with your workloads. To organize your resources, define a management group hierarchy, consider and follow a naming convention, and apply resource labels.
Management levels and hierarchy
Azure offers four levels of management: management groups, subscriptions, resource groups, and resources. The diagram below shows the relationship between these levels.
management groupshelp you manage access, policies, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
SubscriptionsLogically associate user accounts with the resources they create. Each subscription has limits or quotas on the amount of resources it can create and use. Organizations can use subscriptions to manage costs and resources created by users, teams, and projects.
resource groupsare logical containers where you can deploy and manage Azure resources such as web apps, databases, and storage accounts.
resourcesare instances of services that you can create, e.g. B. virtual machines, storage and SQL databases.
Scope of management settings
You can apply management settings such as policies and role-based access control at any level of management. The level determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, if you apply a policy to a subscription, that policy applies to all resource groups and resources in that subscription.
It usually makes sense to apply critical settings at higher levels and project-specific requirements at lower levels. For example, to ensure that all resources for your organization are deployed in specific regions, apply a policy to the subscription that specifies the allowed regions. The allowed locations are automatically enforced as users in your organization add new resource groups and resources. Learn more about policies inGovernance, security and compliance, another article in this setup guide.
Managing some subscriptions independently is easy. However, if you have a large number of subscriptions, consider creating a management group hierarchy to simplify subscription and resource management. For more information, seeOrganize and manage multiple Azure subscriptions.
Work with people in the following roles as you plan your organizational compliance strategy:
- security and compliance
- IT-Administration
- corporate structure
- Networking
- finance
- procurement
Create a management structure
To create a management group, subscription, or resource group, log in to theAzure-Portal.
To create onemanagement groupFor information on managing multiple subscriptions, seemanagement groupsand selectCreate.
To create oneSubscriptionTo assign users to resources, go toSubscriptionsand selectAdd to.
note
You can also create subscriptions programmatically. For more information, seeCreate Azure subscriptions programmatically.
(Video) How to plan for cloud adoptionTo create oneresource groupto keep resources with the same permissions and policies:
- Go toCreate a resource group.
- ImCreate a resource groupform:
- ForSubscription, select the subscription in which to create the resource group.
- Forresource group, enter a name for the new resource group.
- ForRegion, select a region in which to localize the resource group.
- ChooseCheck + create, and select when the verification is completeCreate.
Actions
To create a management group, subscription, or resource group, log in to theAzure-Portal.
To create onemanagement groupFor information on managing multiple subscriptions, seemanagement groupsand selectCreate.
To create oneSubscriptionTo assign users to resources, go toSubscriptionsand selectAdd to.
note
You can also create subscriptions programmatically. For more information, seeCreate Azure subscriptions programmatically.
To create oneresource groupto keep resources with the same permissions and policies:
- Go toCreate a resource group.
- ImCreate a resource groupform:
- ForSubscription, select the subscription in which to create the resource group.
- Forresource group, enter a name for the new resource group.
- ForRegion, select a region in which to localize the resource group.
- ChooseCheck + create, and select when the verification is completeCreate.
naming standards
A good naming standard helps identify resources in the Azure portal, on a bill, and in automation scripts. Your naming strategy should include business and operational details in resource names.
Business details should include the organizational information needed to identify teams. Use the resource's short name along with the names of the business owners responsible for resource costs.
Operational details in resource names should include information that IT teams need. Add details that identify the workload, application, environment, criticality, and other information useful for managing resources.
Naming Rules and Restrictionsvary by resource type. For more information and recommendations to support enterprise cloud adoption, seeDevelop your naming and tagging strategy for Azure resources.
note
- Avoid using special characters such as hyphen and underscore (
-And_) as the first or last character in a name. This can cause validation rules to fail. - Tag names are not case-sensitive.
The following table shows limitations and naming patterns for resource groups, availability groups, and tags.
| resource group | Availability fixed | Sign | |
|---|---|---|---|
| Scope | Subscription | resource group | Connected Entity |
| Long | 1-90 | 1-80 | 512 (name), 256 (value) |
| Valid characters | Alphanumeric, underscore, brackets, hyphen, and period except at the end | Alphanumeric, underscore and hyphen | Alphanumeric characters, spaces, and Unicode characters other than angle brackets, percent signs, ampersands, slashes, question marks, or periods |
| Suggested pattern | <service nickname>-<environment>-rg | <service nickname>-<context>-as | Taste:Wert |
| Example | profx-prod-rg | profx-SQL-as | Department:Central IT ☺ |
Tags can quickly identify your resources and resource groups. You apply tags to your Azure resources to logically organize them by category. Tags can include context about the resource's associated workload or application, operational requirements, and ownership information.
Each tag consists of a name and a value. For example, you can accept the nameSurroundingsand the valueProductionon all resources in production.
After you apply tags, you can easily retrieve any resources in your subscription that have that tag name and value. When organizing resources for billing or management, tags can help you retrieve related resources from different resource groups.
Other common uses for tags are:
- Metadata and documentation:Admins can easily see details about the resources they are working on by applying a tag likeproject owner.
- Automation:Periodically running scripts can be based on a tag value such asshutdown timeorcancellation date.
- Cost Optimization:You can assign resources to the teams and resources responsible for the costs. InCost Management + Billing, you can apply your cost center tag as a filter to report charges based on usage by team or department.
Each resource or resource group can have a maximum of 50 pairs of tag names and values. This limitation applies only to tags applied directly to the resource group or resource.
For more tagging recommendations and examples, seeDevelop your naming and tagging strategy for Azure resources.
Apply a resource tag
To apply one or more tags to a resource group:
- Go to the Azure portalresource groupsand select the resource group.
- Chooseassign tagsin the navigation at the top of the page.
- Under Enter the name and value for a tagNameAndWert.
- Enter or select more names and valuesSave on computer.
Remove a resource tag
To remove one or more tags from a resource group:
- Go to the Azure portalresource groupsand select the ellipsis menu for the group, and then selectedit tags.
- Select the trash can icon for each tag you want to remove.
- To save your changes, selectSave on computer.
action
To apply one or more tags to a resource group:
- Go to the Azure portalresource groupsand select the resource group.
- Chooseassign tagsin the navigation at the top of the page.
- Under Enter the name and value for a tagNameAndWert.
- Enter or select more names and valuesSave on computer.
To remove one or more tags from a resource group:
- Go to the Azure portalresource groupsand select the ellipsis menu for the group, and then selectedit tags.
- Select the trash can icon for each tag you want to remove.
- To save your changes, selectSave on computer.
Next Steps
To learn more about management levels and organization, see:
- Azure basics
- Create your initial Azure subscriptions
- Create additional subscriptions to scale your Azure environment
- Organize and manage multiple Azure subscriptions
- What are Azure management groups?
- Resource access management in Azure
- Limits, quotas, and restrictions for Azure subscriptions and services
For more information on naming and tagging resources, see:
- Develop your naming and tagging strategy for Azure resources
- Use tags to organize your Azure resources and your management hierarchy