Organize your Azure resources effectively

Organize your cloud-based resources to secure, manage, and track costs related to your workloads. To organize your resources, define a management group hierarchy, consider and follow a naming convention, and apply resource tagging.

Management levels and hierarchy

Azure provides four levels of management: management groups, subscriptions, resource groups, and resources. The following diagram shows the relationship between these levels.

• Management groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.

• Subscriptions logically associate user accounts with the resources they create. Each subscription has limits or quotas on the amount of resources it can create and use. Organizations can use subscriptions to manage costs and the resources created by users, teams, and projects.

• Resource groups are logical containers where you can deploy and manage Azure resources like virtual machines, web apps, databases, and storage accounts.

• Resources are instances of services you can create in a resource group, such as virtual machines, storage, and SQL databases.

  Note

  To understand and minimize the effect of regional outages, see Select Azure regions.

Management settings scope

You can apply management settings, such as policies and role-based access control, at any management level. The level determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, when you apply a policy to a subscription, that policy applies to all resource groups and resources in that subscription, unless explicitly excluded.

Start with applying critical settings at higher levels and project-specific requirements at lower levels. For example, to make sure that all resources for your organization deploy to certain regions, apply a policy to the subscription that specifies the allowed regions. The allowed locations are automatically enforced when users in your organization add new resource groups and resources.

Tip

Use management groups to organize and govern your Azure subscriptions. As the number of your subscriptions increases, management groups provide critical structure to your Azure environment and make it easier to manage your subscriptions. To learn more, see Management groups design considerations and recommendations.

Create a management structure

To create a management group, subscription, or resource group, sign in to the Azure portal.

• To create a management group to help you manage multiple subscriptions, go to Management groups and select Create.

• To create a subscription to associate users with resources, go to Subscriptions and select Add.

• To create a resource group to hold resources that share the same permissions and policies:

  1. Go to Create a resource group.
  2. In the Create a resource group form:
     1. For Subscription, select the subscription in which to create the resource group.
     2. For Resource group, enter a name for the new resource group.
     3. For Region, select a region in which to locate the resource group.
  3. Select Review + create, and after the review passes, select Create.

  Note

  You can also create resources programmatically. For examples, see Programmatically create Azure subscriptions and Create a management group with Azure PowerShell .

Actions

To create a management group, subscription, or resource group, sign in to the Azure portal.

• To create a management group to help you manage multiple subscriptions, go to Management groups and select Create.

• To create a subscription to associate users with resources, go to Subscriptions and select Add.

  Note

  You can also create subscriptions programmatically. For more information, see Programmatically create Azure subscriptions.

• To create a resource group to hold resources that share the same permissions and policies:

  1. Go to Create a resource group.
  2. In the Create a resource group form:
     1. For Subscription, select the subscription in which to create the resource group.
     2. For Resource group, enter a name for the new resource group.
     3. For Region, select a region in which to locate the resource group.
  3. Select Review + create, and after the review passes, select Create.

Naming standards

A good naming standard helps to identify resources in the Azure portal, on a billing statement, and in automation scripts. Your naming strategy should include business and operational details in resource names.

• Business details should include the organizational information required to identify teams. For example a business unit, such as fin, mktg, or corp might be used.
• Follow the guidance for abbreviations for resource types.
• Use a consistent naming convention for all resources. For example, use a prefix that identifies the subscription or resource group, workload type, the environment the resource is deploy in, and the Azure region.
• Operational details in resource names should include information that IT and workload teams need. Include details that identify the workload, application, environment, criticality, and other information that's useful for managing resources.

To learn more about naming Azure standards and recommendations, see Develop your naming and tagging strategy for Azure resources.

Note

• Avoid using special characters, such as hyphen and underscore (- and _), as the first or last characters in a name. Doing so can cause validation rules to fail.
• Names of tags are case-insensitive.

Resource tags

Tags can quickly identify your resources and resource groups. You apply tags to your Azure resources to logically organize them by categories. Tags can include context about the resource's associated workload or application, operational requirements, and ownership information.

Each tag consists of a name and a value. For example, you can apply the name environment and the value production to all the resources in production.

After you apply tags, you can easily retrieve all the resources in your subscription that have that tag name and value. When you organize resources for billing or management, tags can help you retrieve related resources from different resource groups.

Other common uses for tags include:

• Workload name: Name of the workload that a resource supports.
• Data classification: Sensitivity of the data that a resource hosts.
• Cost center: The accounting cost center or team associated with the resource. In Microsoft Cost Management, you can apply your cost center tag as a filter to report charges based on usage by team or department.
• Environment: The environment in which the resource is deployed, such as, development, test, or production.

For more tagging recommendations and examples, see Define your tagging strategy.

Apply a resource tag

To apply one or more tags to a resource group:

1. In the Azure portal, go to Resource groups and select the resource group.
2. Select Assign tags in the navigation at the top of the page.
3. Enter the name and value for a tag under Name and Value.
4. Enter more names and values or select Save.

Remove a resource tag

To remove one or more tags from a resource group:

1. In the Azure portal, go to Resource groups and select the ellipses menu for the group, and then select Edit tags.
2. Select the trash can icon for each tag that you want to remove.
3. To save your changes, select Save.

Action

To apply one or more tags to a resource group:

1. In the Azure portal, go to Resource groups and select the resource group.
2. Select Assign tags in the navigation at the top of the page.
3. Enter the name and value for a tag under Name and Value.
4. Enter more names and values or select Save.

To remove one or more tags from a resource group:

1. In the Azure portal, go to Resource groups and select the ellipses menu for the group, and then select Edit tags.
2. Select the trash can icon for each tag that you want to remove.
3. To save your changes, select Save.

Next steps

To learn more about management levels and organization, see:

• Management group design considerations and recommendations
• Subscription considerations and recommendations
• Resource access management in Azure

For more information about resource naming and tagging, see:

• Define your tagging strategy
• Use tags to organize your Azure resources and management hierarchy