In summary, both approaches allow you to deploy management groups, but they have different implications:
New-AzTenantDeployment
with an ARM template provides a more automated and scalable approach for deploying management groups. However, it requires elevated permissions at the tenant root group level ("/") to execute the deployment.
-
New-AzManagementGroup
cmdlet offers a more granular approach where you can create management groups individually without requiring elevated permissions at the tenant root group level. However, this approach can be more time-consuming if you have a complex management group hierarchy.
Consider your requirements, the level of automation you need, and the permissions you are comfortable granting when deciding between these two approaches.