Configure Management Groups

Management groups paly a vital role when we want to organise and manage access, polices and compliance across multiple subscriptions.

Management groups are containers with which you can organise and manage multiple subscriptions. Management groups provide a governance scope above subscriptions, enabling you to apply policies and access controls across all subscriptions within a management group.

With hierarchical structure (up to six levels of depth) of management groups, you can recreate your organisation's structure, such as departments or business units. Which makes it possible for subscriptions to inherit policies and permissions from the management group they belong to.

Configuration

You need Global Admin Roles to create the first management group in Entra ID tenant. Azure automatically creates a "Root" management group (at the top hierarchy) that contains all other management groups and subscriptions by default.

Steps:

• In the Azure portal search for and select management group in the search bar.
• Click on "Add management group"
• Provide a unique Management Group ID (this does not change)
• Enter the Management Group Display Name (you can always change this anytime)
• Assign parent management group if necessary (the default parent is the root management group)

When you are done creating a management group, you can associate subscriptions with it, apply policies and assign roles at the management group level.

With management groups, you can apply policies, compliance rules and security controls across multiple subscriptions. Consistent RBAC policies can be enforced across your Azure environment, ensuring that all subscriptions adhere to the same access controls.