Have few queries related to management group

Question

Hello Team,

Have few queries related to management group. For example,

I've a parent MG and child MG. Need to create a new MG under child MG and move few subscriptions from child MG to new MG. By doing so,

1. Will there be any latency and data loss?
2. Will the policy get inherit from child MG to new MG.

Answer 1

Hi Mahadev, Rakesh [HAEA],

Thanks for reaching out to Microsoft Q&A.

If you are going to move subscriptions from one MG to another, then there won't be any data loss or latency as its just as hierarchical structure that is being changed and their won't be any impact to resources inside the Subscription.

If you're doing the move action, you need permission at each of the following layers:

• Child subscription or management group
  • Microsoft.management/managementgroups/write
    • Microsoft.management/managementgroups/subscriptions/write (only for subscriptions)
      • Microsoft.Authorization/roleAssignments/write
        • Microsoft.Authorization/roleAssignments/delete
          • Microsoft.Management/register/action
          • Target parent management group
            • Microsoft.management/managementgroups/write
• Current parent management group
  • Microsoft.management/managementgroups/write

Also, please check Azure RBAC permissions for hierarchy settings- https://learn.microsoft.com/en-us/azure/governance/management-groups/how-to/protect-resource-hierarchy

Policies which are applied at the parent MG level will be inherited by the child MG and any new MGs created under it. This means that if you have policies applied to the child MG, they will be inherited by the new MG created under it. However, you can also apply specific policies to the new MG if needed, which will override the inherited policies for that MG and its resource

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.