How can I create separate management groups in an Azure subscription for Dev, Test and Prod environments so we can better manage and see the costs and all other management of Azure and business units across the organization?

Mytoast Admin 285 Reputation points
2024-09-15T12:48:13.82+00:00

How can I create separate management groups in an Azure subscription for Dev, Test and Prod environments so we can better manage and see the costs and all other management of Azure and business units across the organization?

I would appreciate a detailed, step-by-step guide so we can do it for each business unit.

Note: We have only one Azure subscription, so I would like to do it in the same subscription and not buy an additional Azure subscription.

Azure Cost Management

Accepted answer
  1. Arun Siripuram 911 Reputation points
    2024-09-16T06:24:12.2133333+00:00

    @Mytoast Admin

    Understand Management Groups in Azure

    Azure Management Groups allow you to organize your resources and apply governance at different levels. By default, all subscriptions are part of a single root management group. One reason to create a management group is to bundle subscriptions together. Only management groups and subscriptions can become children of another management group. A subscription that moves to a management group inherits all user access and policies from the parent management group.

    You can move subscriptions between management groups. A subscription can have only one parent management group.

    Important facts about management groups

    Each management group and subscription can support only one parent.

    Each management group can have many children.

    https://learn.microsoft.com/en-us/azure/governance/management-groups/overview

    In Azure, a subscription can only belong to one management group at a time. Since you have only one subscription, it cannot be assigned to multiple management groups for Dev, Test, and Prod environments.

    Given this limitation, to effectively manage and segregate your Dev, Test, and Prod environments within a single subscription, you can use Resource Groups, Management Tags, and Azure Policies. Here's an updated step-by-step guide to help you achieve your goal.

      Step 1: Understand Organizational Options within a Subscription
      • Resource Groups: Logical containers that hold related resources for an Azure solution, which can be used to separate environments.
      • Tags: Key-value pairs that allow you to categorize resources and resource groups.
      • Azure Policies: Used to enforce organizational standards and to assess compliance at-scale.
      Step 2: Create Resource Groups for Dev, Test, and Prod
      1. Sign in to the Azure Portal.
      2. Navigate to Resource Groups.
      3. Click on + Create.
      4. For each environment, create a new resource group:
        • Resource Group Name: e.g., rg-dev, rg-test, rg-prod.
        • Region: Select the appropriate region for your resources.
      5. Click Review + Create and then Create.
      Step 3: Organize Resources Within Resource Groups
      • Deploy resources (VMs, databases, storage accounts, etc.) into the corresponding resource groups based on their environment.
      • This separation ensures that resources for Dev, Test, and Prod are logically grouped.
      Step 4: Apply Tags for Business Units
      1. For each resource group or individual resource, navigate to the Tags section.
      2. Add tags to represent business units and other relevant metadata:
        • Key: BusinessUnit
        • Value: e.g., Sales, Marketing, Finance
      3. Apply multiple tags if necessary to capture additional information.
      Step 5: Implement Azure Policies for Governance
      1. Navigate to Azure Policy in the Azure Portal.
      2. Click on Assignments and then + Assign Policy.
      3. Scope the policy to your subscription or specific resource groups.
      4. Select built-in policies or create custom policies to enforce rules such as:
        • Allowed resource types.
        • Enforcing tagging standards.
        • Restricting deployment locations.
      5. Review and Create the policy assignment.
      Step 6: Set Up Role-Based Access Control (RBAC)
      1. Navigate to the Resource Group you want to assign roles to.
      2. Click on Access Control (IAM).
      3. Click on + Add and select Add role assignment.
      4. Choose the appropriate role (e.g., Contributor, Reader) for users or groups.
      5. Assign users or teams to resource groups based on their environment (Dev, Test, Prod) and business unit.
      Step 7: Configure Cost Management and Budgets
      1. Go to Cost Management + Billing in the Azure Portal.
      2. Under Cost Management, select Budgets.
      3. Click on + Add to create a new budget for each environment:
        • Filters: Select the resource group name (rg-dev, rg-test, rg-prod).
        • Budget Amount: Set the budget limit and provide budget details as per your requirements.
      4. Review and Create the budget.
      Step 8: Monitor Costs by Tags and Resource Groups
      1. In Cost Management + Billing, navigate to Cost Analysis.
      2. Use Filters to view costs by:
        • Resource Group: See costs per environment.
        • Tags: Analyze costs per business unit.
      3. Generate reports and export data as needed.
    1 person found this answer helpful.
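
The portal procedure in Steps 2, 4, 5 and 6 above can also be scripted with the Azure CLI. The following is an added example, not part of the original answer: the subscription ID, region, business unit, policy name, group object ID and the environment-to-role mapping are all assumptions, and the script only prints the `az` commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example, not part of the original answer. Subscription ID, region,
# business unit, policy name and group object ID are constructed placeholders.
set -eu

SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
LOCATION="${LOCATION:-westeurope}"
BUSINESS_UNIT="${BUSINESS_UNIT:-Finance}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands, 0 = execute them

run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

rg_scope() { printf '/subscriptions/%s/resourceGroups/rg-%s' "$SUBSCRIPTION_ID" "$1"; }

# Assumed least-privilege mapping: write access in Dev only, read-only elsewhere.
role_for_env() {
  case "$1" in
    dev) echo Contributor ;;
    test|prod) echo Reader ;;
    *) echo "unknown environment: $1" >&2; return 1 ;;
  esac
}

# Step 5: custom policy that denies taggable resources lacking a BusinessUnit tag.
define_tag_policy() {
  run az policy definition create --name require-businessunit-tag --mode Indexed \
    --rules '{"if":{"field":"tags[BusinessUnit]","exists":"false"},"then":{"effect":"deny"}}'
}

# Steps 2, 4, 5 and 6 for one environment ($1) and one team group object ID ($2).
setup_env() {
  local env="$1" group_id="$2" role
  role="$(role_for_env "$env")"
  run az group create --name "rg-$env" --location "$LOCATION" \
    --tags "Environment=$env" "BusinessUnit=$BUSINESS_UNIT"
  run az policy assignment create --name "require-bu-tag-$env" \
    --policy require-businessunit-tag --scope "$(rg_scope "$env")"
  run az role assignment create --assignee-object-id "$group_id" \
    --assignee-principal-type Group --role "$role" --scope "$(rg_scope "$env")"
}

main() {
  define_tag_policy
  for env in dev test prod; do
    setup_env "$env" "11111111-1111-1111-1111-111111111111"
  done
}
main
```

Review the printed commands first; scoping the role assignment to the resource group rather than the subscription keeps a Dev contributor from changing Prod resources.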
