Setting the Course: Mapping the Azure Hierarchy for New Admins

AZ-104 Series: Post 1

The Azure Blueprint: Organizing the Chaos

In our last post, we talked about why the Azure Administrator is the "Captain" of the ship. But before a Captain sets sail, they need to know where everything is stored. If you just throw your Virtual Machines and Databases into Azure without a plan, you'll end up with a massive bill and a security nightmare.

Today, we’re looking at the Azure Hierarchy—the "Secret Sauce" to keeping your cloud organized.

🪆 The Russian Doll Analogy: Think of Azure like a set of Matryoshka dolls. To get to the smallest doll (your data), you have to open several larger ones first. Each layer provides a level of control and security.
LEVEL 1

Management Groups (The City Council)

If your company has multiple departments (Finance, HR, IT), you don't want to manage them one by one. Management Groups allow you to group multiple subscriptions together. If you set a rule at this level, it flows down to everything inside it.

LEVEL 2

Subscriptions (The Bank Account)

This is where the money happens. A Subscription is a logical container used to provision resources. It holds the "credit card" attached to your account. In a big company, you might have one subscription for "Testing" and one for "Production."


LEVEL 3

Resource Groups (The Apartment)

This is the most important layer for an Admin. A Resource Group (RG) is a container that holds related resources for an Azure solution.
The Golden Rule: If a Web App and its Database are born together and will be deleted together, they should live in the same Resource Group.

LEVEL 4

Resources (The Furniture)

Finally, we reach the actual "stuff"—your Virtual Machines, Storage Accounts, and Virtual Networks. These are the individual items you build to run your business.

Why Does an Administrator Care?

In the AZ-104 exam and the real world, hierarchy is about two things:

  1. Permissions: You can give a user access to a whole Subscription, or just a single Resource Group. (Always choose the smallest level possible!)
  2. Policies: You can tell a Management Group that "No one is allowed to build servers outside of the UK," and it will automatically block anyone trying to break that rule.
💡 Cloud-Clipper Pro-Tip: Never put all your resources into one Resource Group. It makes it impossible to track costs or manage security. Treat your Resource Groups like specialized folders on your computer!

Next Topic: The "House Rules" – Mastering Tags and Azure Policy to keep your budget safe!

Newer Older