Tags & Management Groups

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
22 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
24
Video Transcription
00:00
>> Hey everybody, and welcome to this lecture.
00:00
In this lecture, we're going to be talking about
00:00
Tags and Management Groups.
00:00
The learning objectives are going to be to
00:00
understand what resource tagging is.
00:00
If you've been in IT, you're probably familiar with
00:00
tagging because we do it
00:00
pretty often within virtualized environments
00:00
as a way to organize your resources.
00:00
But in addition, we want to talk about management groups,
00:00
which helps us get another perspective
00:00
on managing our resources and accommodating for cost.
00:00
To start off, with resource tags,
00:00
like I alluded earlier,
00:00
tagging allows us to organize and figure out
00:00
how much costs is going to be
00:00
accrued based off of a particular tag.
00:00
It gives us another way of looking at
00:00
our expenses and how many resources we have deployed.
00:00
One example is, let's say you
00:00
have marketing and marketing is pretty big.
00:00
They do a lot of websites, they have a lot of tests,
00:00
dev, and production environments.
00:00
You could tag every single resource that's being deployed
00:00
within these various resource groups
00:00
with the marketing tag.
00:00
A tag is essentially just a key value pair,
00:00
like what you see right here in the picture.
00:00
We have department, we have finance.
00:00
We could put department and marketing.
00:00
When it comes time to figure out how much
00:00
of the billing was from the marketing department,
00:00
maybe because the budget is going to come
00:00
from them and they have to pay for whatever they use,
00:00
we can just click on the tag and get a good idea of how
00:00
much was accrued from them and
00:00
then just push that bill over to them.
00:00
They can go ahead and expense for that.
00:00
It gives us another way of looking
00:00
at where our resources are being used.
00:00
It gives us another way of looking
00:00
at where our resources are being
00:00
used and how they're being
00:00
handled and how much we're spending on.
00:00
Each resource that you deploy
00:00
in Azure can have up to 50 tags.
00:00
Now I got to say, I've never
00:00
seen a resource with that many tags
00:00
assigned but you do have that if you want to go for it.
00:00
You can assign tags to resources
00:00
individually or you can do it in mass or in bulk.
00:00
Not all resources are going to support tags. That's okay.
00:00
That's beyond the scope to understand
00:00
which ones do and which ones don't.
00:00
Just know that you don't have to do that.
00:00
Tags are good for billing,
00:00
like what we've been talking about.
00:00
But you can always use it for other things
00:00
like just organization.
00:00
Management groups is the next level above subscription.
00:00
So far we've talked about subscriptions,
00:00
we've talked about resource groups and resources,
00:00
but management groups gets
00:00
us a little bit higher up on the scale.
00:00
If you have a lot of subscriptions that are
00:00
going to be assigned to one department, let's say IT.
00:00
In the organization that I work at now,
00:00
IT has a lot of subscriptions because IT is pretty vast.
00:00
We have a large team and
00:00
every team has their own subscription.
00:00
We use management groups to get an idea of
00:00
how many subscriptions there
00:00
are and who has access to them.
00:00
Really just get granular control
00:00
over how things are being managed as a whole.
00:00
Management groups are containers
00:00
which do hold multiple subscriptions.
00:00
They do come natively, like when you set it up,
00:00
you're going to have a management group,
00:00
but you can always make more as you go.
00:00
One thing you need to keep in
00:00
mind is that users who have access to
00:00
that management group will have access
00:00
to all the subscriptions in it.
00:00
This is one of those
00:00
things where you're going to want to have
00:00
role-based access control and you're going to want
00:00
to limit access to the management group.
00:00
Make sure only the people that
00:00
should be considered admins have access to
00:00
that and that everybody else maybe just have
00:00
some type of management read-write
00:00
access within the subscription.
00:00
Policies can be applied at the management group level.
00:00
If you have lots of
00:00
subscriptions that you know that the policies are
00:00
going to need to be distributed across for all subs,
00:00
you can just do it at the management group level.
00:00
You can just do it at the management
00:00
group level and then the policies will
00:00
just replicate and apply to all subscriptions.
00:00
One thing I want to point out here in this graphic,
00:00
you'll notice that each management group has a parent,
00:00
it has a child,
00:00
except for the root management group.
00:00
If we look at the IT management group,
00:00
IT has a child of production.
00:00
Production has Geo Region 1 and Geo Region 2,
00:00
with various subscriptions assigned to each one.
00:00
This is the tree.
00:00
Well, one thing I want to note is that
00:00
a management group can only have
00:00
one parent management group,
00:00
but can have multiple subscriptions or
00:00
multiple management groups as child to that.
00:00
That's just the nature of management groups.
00:00
You're going to want to keep this in mind because
00:00
this could be a question on your exam.
00:00
Another thing to note
00:00
about management groups is that you're
00:00
going to have a tenant root management group.
00:00
That's the one that sits here on top.
00:00
This is going to come right out when
00:00
you open your first Azure account.
00:00
The tenant root cannot be moved or deleted.
00:00
It's going to always stay there.
00:00
All users can see the roots,
00:00
but not everyone's going to have access to it.
00:00
This is something that you're going to want to restrict
00:00
to only your global admins.
00:00
This about summarizes this video.
00:00
In this video, we've talked about
00:00
resource tagging and how
00:00
tagging can be helpful for
00:00
cost management and just general organization.
00:00
Then we also talked about management groups,
00:00
which provides a way to manage your resources at
00:00
a even higher level than we've been talking so far.
00:00
We've talked about tenants,
00:00
we've talked about subscriptions,
00:00
we've talked about resource groups,
00:00
and we've talked about resources individually.
00:00
Now, management groups offers
00:00
a much higher level view
00:00
to manage multiple subscriptions.
00:00
There, in turn, the resource groups that
00:00
are being assigned within those subscriptions.
00:00
Pretty great stuff. I do recommend that you map this out.
00:00
Maybe get a pen and paper and draw this out.
00:00
Draw the relationship as you've learned this.
00:00
You have a mental picture of what this
00:00
relationship's going to look like
00:00
because you're going to want to understand this.
00:00
They will try to trick you
00:00
with certain questions on your exam,
00:00
so just be prepared for that.
00:00
This wraps up this lecture.
00:00
I'll see you in the next one.
Up Next
Manage Azure Resource Groups Lab
45m
Module 3 Conclusion
1m
Introduction to Module 4
2m