Azure Subscription and Management Group

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

8 hours 33 minutes
Video Transcription
Hello, Siberians. Welcome to this lesson on Azure subscription and management group. This lesson is part of the foot model off the Is that 500 Microsoft Azure Security Technologies, cars,
Quick information on water Recovering in this lesson,
we'll start out by looking at the Jarvis says Iraqi would end this cause the concept of an I just description and what that means would discuss as your subscription types on. Then cover the enterprise agreements description Type who discussed management groups and how it makes it easier to implement governance for multiple subscriptions. And finally,
we'll cover how to transfer.
And I just description from one our Joy D tenants to another and also how to transfer its organization building. So there's a lot for us to cover in this lesson. Let's get right to it.
Let's have a quick look at their Jarvis's Iraqi Before management group was introduced
at the top of the hierarchy, we have the adjust description, then within as prescriptions. We have this subgroups
and then would then every subtitles. We have ah ha actual resources or services like virtual networks, sick auditor busies and veteran machines. Let's look at some car concepts off the address description
to deploy with sauces in a journalist. Inter visions We need an address description on a subscription serves as a single 1,000,000,000 unit. Fragile resources Whenever we create on a jury sauce, One of the first things that we usually have to specify is the subscription that the vessels will be attached to. So, in other words,
as prescriptions are like payment accounts for azure resources.
And I just description also as a trust relationship with an azure A D tenant to manage access to the subscription and its resources, its execution trust as your Haiti to authenticate its uses on its services. Multiple subscriptions can trust the same as your a d tenant. However,
its description can only trust a single directory.
Another concept that's important. Not about I just descriptions is that day ever service limits for resources within an I just prescription. So, for example, as at the time of recording this video, there was a limit off 1000 veteran networks for subscription, and this could be one of the visions for having multiple subscriptions to scare your limits. As an organization,
let's have a look at subscription types and usage.
They're different types of azure subscriptions. As a matter of fact, suspicion type exists beyond what we have on the screen, but this is just to give you the main categories that exists. So we have a free azure subscription that could be if we try out of the user signed up by themselves. Or that could be something called an azure past voucher tryout subscription
that we have the pay as you go subscription. Where a user aso link it's with a credit card on whatever is charged. That's what's different. Gets charged to the credit card on a monthly basis.
We have the enterprise agreements, prescriptions, which are usually targeted at organizations that are much larger. We also have subscription for students where Microsoft gives $100 after user verifies dissidents information. But let's go dig deeper at the enterprise agreements description. So the women and the Paris Agreement walks
Is an organisation has an agreement with Microsoft? So, for example,
on organizations could have an agreement suspend to 300,000 over the next two years in Hajer. So once they signed this agreement with Microsoft, there certain benefits that they get off the back of this for example, they'll get price protection.
Why, even though the price may flock, treat for other subscription types like Piazza Go the prices protected for enterprise agreements descriptions. They also get the benefit of discounted pricing. So the price in that you pay if you have an enterprise agreements description is different from the price in that you pay a fee. Just isn't a pay as you go subscription
because there is a commitment to Microsoft Air, so you to get that benefit.
You also get soft. Restaurants benefit where Microsoft is. An organization could give you seven types off licences that you can use Internet as an organization or even personalize your subscriptions like visual studio subscriptions. I can distribute toe engineers within the organization
on my permanently. You get access to the enterprise admin pato
So on enterprise admin. Pato is where an organization that has an EEA agreement with Microsoft goes to create the prescriptions.
So from woodenness e a photo, for example, I can create subscriptions for my organizations that are going to be charged to a committed spend that we've agreed with Microsoft. So what can go wrong when we have a situation like what I just showed you where you have a potter that you can goto creates subscriptions as well
under your committed spend as an organization.
Yes, what could go wrong? You could start out with probably a single subscription, but as time goes on, you begin to have more and more and more subscriptions on before you know each Jarvis prescriptions pro within your organization on it's very difficult to manage onto it. Make it even more complicated. You have to apply verbs, access, control and policies at
each subscription level. So this is a management nightmare,
and that's where management jobs come in. Marriage. Mangroves allows us to group subscriptions together, but what benefits do we get from doing that? The first benefit is that it makes it much easier to manage subscriptions by grouping them together vessels. The chaotic situation that I showed you on the five year slight
We can also apply governors controls at the management group level
on the policies that were configure will be in every Ted by all the subscriptions in the group's. It makes it much more easy at your apply governance controls. The top benefit is that we can I agree, get reporting at a higher level, for example, is they are viewing 1,000,000,000 for each subscription.
We can group them together on view 1,000,000,000 for all the subscriptions in the group.
I don't know. Good feel about Management Group is that we can ness them together, which allows us to be flexible in the design of a hierarchy that fits our organization.
Here's an example. Organization model using management groups. First, we have the Route management group at the top of the hierarchy. On any organization level. Policies and governors control can be applied there. We don't have to. Child management grows with four subscriptions each.
Maybe the subscriptions have been grouped by teams or business units. We can have Robe is access controls
and policies for the team level applied at this child management group level. And, of course, we can also do aggregate at reporting. So let's review where we currently stand. When it comes to the services hierarchy
had a top of the hierarchy. We have the Votes management group.
We can then have one or more child management groups on the deaths and then one of my subscriptions under that,
then within ask prescriptions. We have every such groups and then within every such girls, we have an actual resources and services. We mentioned any other than I just description as a trust relationship with an a jury, a d tenant for user and service authentication. However, there may be a scenario where we need to transfer
that authentication trust
from one of your lady tenants to another. Maybe do treat company the organization.
It's important to note that when we do these a jury 80 users that have been assigned vole shoes involved is access control will lose their taxes on uses in the new graduated tenants. Will needs to be assigned access. After this transfer is completed,
there may also be a scenario where we need to transfer the 1,000,000,000 ownership. Often adjust description from one organization to another organization,
maybe due to imagine on accuse Ishan
performing. This would also impact for businesses control.
Let's look for the hearts. The second scenario off transferring subscription 1,000,000,000 ownership. The way that this works is that the centre held mean would need to enter the email address off on admin in diversity in organization, and there'd Mendon needs to be entered as a recipient as tohave the 1,000,000,000 administrative Oh,
in the recipient organization,
the recipient admin wouldn't accept the transfer
on. Technically, there's no how outage of service water transfer takes place. However. Services like the key vote would need to have the access reconfigured after the transfers completed. What subscription types can we transfer? 1,000,000,000 ownership for
harsh prosecution types can be transferred except for the free and open license in such a different types. And if you're gonna be transferring the ownership off year subscriptions, we can only do that in the e A. Pato, not in the azure portal like we do for the other supported subscription types.
So here's our supplemental links for futher studies on the topics that we've covered in this lesson
in summary.
Yeah, the topics covered
who started out by looking at the azure resource. I have a key.
We discussed the concept of an I just description on what it means
would discussed different. I just description types. We covered the enterprise agreements description type with this cost management groups and how it makes it easier to implement governance.
And finally we covered our to transfer on azure subscription from one aggerated tenants to another or even its organization building.
Thanks very much for watching, and I'll see you in the next lesson.
Up Next