A few days ago the “Azure Management Groups” got into Public Preview. The pitch as mentioned to the docs ;
You can build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management.
During the current preview, policies aren’t yet part of the preview. Though they will be included later on. So for the moment you can use them to setup a unified access management structure for your governance.
Taking a peek
So let’s take a look at how it looks?
Just like any other service, you will find the “Management Groups” in the services lists… 😉
By default you only see the “Tenant Root Group”. Here I’ve added “001-InitialGroup” as my first management group. You can choose the ID for it (though cannot change it later on!), and I chose the totally creative “001” *cough*.
Next up, I opened it up…
And added my existing MSDN subscription to it.
Nothing fancy to see here…
And it just does what it needs to do ;
After having “Updated” the subscription, you’ll see it being added to the group.
And it’ll show up in your hierarchy tree. Where the context menu will allow you to move it to another location if wanted.
After a bit of time, you’ll see that the configured roles from the management group will be inherited.
As I wanted to make sure that I didn’t kick myself out. I (manually) copied the roles from my subscription to the management group. Though it seems that the management group doesn’t do a “desired state”, but it’ll just extend the IAM roles with those of the management groups.
There will be a lot of enterprises happy to see this feature! If the policy gets added to this, then it’ll be one of the kick ass aspects from the Azure Governance Swiss Knife. 😉