Create additional subscriptions to scale your Azure environment
Organizations often use multiple Azure subscriptions to avoid per-subscription resource limits and to better manage and govern their Azure resources. It's important to define a strategy for scaling your subscriptions.
We recommend that organizations first review the Azure landing zone guidance for resource organization when planning subscriptions within an Azure environment, so that the broader context of an environment intended to scale is considered.
Review fundamental concepts
As you expand your Azure environment beyond your initial subscriptions, it's important to understand Azure concepts such as accounts, tenants, directories, and subscriptions. For more information, see Azure fundamental concepts.
Other considerations might necessitate additional subscriptions. Keep the following in mind as you expand your cloud estate.
- Subscription limits: Subscriptions have defined limits for some resource types. For example, the number of virtual networks in a subscription is limited. When a subscription approaches these limits, you'll need to create another subscription and put additional resources there. For more information, see Azure subscription and service limits.
- Classic model resources: If you've been using Azure for a long time, you may have resources that were created using the classic deployment model. Azure policies, Azure role-based access control, resource grouping, and tags cannot be applied to classic model resources. You should move these resources into subscriptions that contain only classic model resources.
- Costs: There might be some additional costs for data ingress and egress between subscriptions.
Your business priorities might lead you to create additional subscriptions. These priorities include:
For other considerations about scaling your subscriptions, review the subscription organization and governance recommendations in the Cloud Adoption Framework.
Moving resources between subscriptions
As your subscription model grows, you might decide that some resources belong in other subscriptions. Many types of resources can be moved between subscriptions. You can also use automated deployments to re-create resources in another subscription. For more information, see Move Azure resources to another resource group or subscription.
Tips for creating new subscriptions
- Identify who is responsible for creating new subscriptions.
- Decide which resource types are available in a subscription by default.
- Decide what all standard subscriptions should look like. Considerations include Azure RBAC access, policies, tags, and infrastructure resources.
- If possible, programmatically create new subscriptions via a service principal. You must grant permission to the service principal to create subscriptions. Define a security group that can request new subscriptions via an automated workflow.
- If you're an Enterprise Agreement (EA) customer, ask Azure Support to block creation of non-EA subscriptions for your organization.
Create a management group hierarchy to help organize and manage your subscriptions and resources.