What is the best practise or solutions for sepration teams and users in Azure and Office 365?

Mohsen Akhavan 936 Reputation points
2022-09-22T18:22:18.023+00:00

I have some teams and users in each team. Now, I want to separate them from each other. In the future, I will set policies and limitations for each team.

Regarding my research, in Azure, I can do this with two methods:

  1. Have root management with a subscription and separate with Resource Groups
  2. Have Management Group + subscription for each team

My questions are:

  1. Which method is best practice depends on the pros and cons?
  2. Is it possible to use this management in Office 365?
  3. Is there another suggestion?
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
793 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,464 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ollie IT Man 171 Reputation points
    2022-09-28T12:21:11.407+00:00

    Hi @Mohsen Akhavan

    Apologies for the delayed reply.

    All of this can be done with the Office 365 admin center and with some management in the Azure AD management center.

    You won't be able to have a separate portal for each team but with configuration, you be able to separate them so they aren't able to access each other resource.

    Best option for this would be the use of groups to keep the user organised and you all policies in Azure AD can be applied to either groups of individual users.

    In my opinion, locking down data to the individual teams is a must but allowing the teams to communicate via teams, email, etc increases better communication and work relationships.

    I'm happy to assist with the finer details of setting up what you need if you wanted to message directly.

    Many thanks

    2 people found this answer helpful.
  2. JamesTran-MSFT 36,371 Reputation points Microsoft Employee
    2022-10-03T21:47:45.857+00:00

    @Mohsen Akhavan
    Thank you for your post and I apologize for the delayed response!

    Adding onto what was mentioned by @Ollie IT Man , you can also leverage Azure management groups to organize your resources. With management groups you can build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management.
    247128-image.png

    Which method is best practice depends on the pros and cons?

    • From your initial post, I'm assuming you'll be leveraging Azure Policy and setting deployment limitations for each team. Therefore, I believe leveraging Management groups would be the ideal solution for your environment.
    • If you only intend on using Azure AD (i.e. MFA, PIM, etc.), you can use Azure AD Groups to separate your teams.

    Is it possible to use this management in Office 365?

    Additional Links:
    Industry solutions with Azure
    What are Azure management groups?
    Best practices for Azure RBAC
    What is Azure role-based access control (Azure RBAC)?

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.