Share via

Subscription segregation based on Offer Type

Abrar Adil S 456 Reputation points
2024-01-23T07:44:47.3433333+00:00

We are planning to have separate Management Groups for MSDN Subscription and Enterprise Subscriptions, I have able to create a Powershell script which detects the Subscription Quota ID, and move the subscription to the specific Management Group where we have applied Policies on respective Management Group for more control over the infra that is been deployed.

We want to check if there is any possibility/automation when a Enterprise/MSDN subscription is created under a Tenant Root Group, it should automatically moved to respective Management Group specified. We have tried the Azure Policy and the Provider doesn't support the condition "Microsoft.Subscription/SubscriptionDefinitions/offerType" and in the Azure Logic App, under a when a resource event occurs there is no option to select for Subscription creation. Any help in getting this automated will really be helpful. Providing the code for moving the Azure Subscriptions to Specified Management Group (However the script still needs to be modified as it is been moving the subscriptions which are already been part of that Management Group)
> 


    Connect-AzAccount

    # Get the Azure subscriptions
    $subscriptions = Get-AzSubscription

    # Check if the subscription is an Enterprise Agreement or MSDN

    foreach ($subscription in $subscriptions) {
        $subscriptionName = $subscription.Name


         $subscriptionDetails = Get-AzSubscription -SubscriptionId $subscription.Id | Select-Object -ExpandProperty ExtendedProperties

    $quu = $subscriptionDetails.SubscriptionPolices | ConvertFrom-Json | Select-Object -ExpandProperty quotaId


        if ($quu -eq "MSDN_2014-09-01") {
            $subscriptionType = "MSDN"

            Write-Host "Subscription '$subscriptionName' is a $subscriptionType subscription."

            $ManagementGroupId = "auditonlymg"
        
            # Move the subscription to the new management group
        
            New-AzManagementGroupSubscription -GroupName $ManagementGroupId -SubscriptionId $subscription.Id

            Write-Host "Subscription '$subscriptionName' has been moved to the management group '$ManagementGroupId'."
        }
        else {
            Write-Host "Subscription '$subscriptionName' is not an MSDN subscription."
        }
    }
Cost Management
Cost Management

A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ryan Hill 30,336 Reputation points Microsoft Employee Moderator
    2024-02-05T23:18:21.23+00:00

    Hi @Abrar Adil S
    Apologies for the delayed response. For your initial ask, no, there isn't any automation that will move subscriptions to a management group. I think you're on the right path with your PowerShell script above and either use an automation account or Azure Function run it. One possibility, but it's a long shot, is to subscribe to an event grid event topic on the subscription (see image below). There isn't a subscription event type, but the resource create event type may allow you to filter by resource type. User's image

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.