Azure Overview

An overview of Azure's architecture

Entra ID Tenant
└── Management Groups (optional)
     └── Subscription(s)
          └── Resource Group(s)
               └── Resource(s)

Entra ID Tenant

  • Previously known as Azure AD

  • The identity and security boundary for an organization

  • Manages identities (e.g., Users/Devices/Apps) but does not contain Azure resources directly

  • Grants access to Microsoft 365

Management Groups

  • Optional, enables organizing Azure Subscriptions and applying RBAC/Policy at scale

  • These could group Subscriptions by region, department, environment (dev/staging/prod), or other criteria

Azure Subscriptions

  • The primary billing and isolation boundary within an Entra ID tenant

  • Must be linked to an Entra ID tenant (belongs to exactly one tenant)

  • Required to deploy any resources (e.g., VMs, apps, databases)

  • These could exist for each environment (dev/staging/prod), product line, or other criteria

Resource Groups

  • The "folder" to organize Resources within an account (Azure Subscription)

  • Required to deploy any Azure Resources (e.g., VMs, networking)

  • Can hold Resources belonging to multiple Regions

  • Deletion of a Resource Group deletes all its Resources

Resources

  • Azure Resources (e.g., VMs, databases, networks)

  • Each Resource belongs to exactly one Resource Group
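
For access reviews, the hierarchy above matters because an RBAC role assignment made at one level also applies to everything beneath it. The following is an added example, not code from the original page: it walks a Resource ID up through its Resource Group, Subscription and Management Groups and lists every assignment that reaches it. The Subscription ID, group names, principals and the two lookup maps are constructed sample values.

```python
# Added example (not from the original page). Role assignments made at a
# scope are inherited by every scope beneath it, so effective access to a
# Resource is the union of assignments along its ancestor chain.
# All IDs, group names and principals are constructed sample values.
MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"

def scope_chain(resource_id, sub_to_mg, mg_parent):
    """Return every scope that contains resource_id, narrowest first."""
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError("expected an ID starting with /subscriptions/<id>")
    chain = ["/" + "/".join(parts)]                  # the scope itself
    if len(parts) > 4 and parts[2].lower() == "resourcegroups":
        chain.append("/" + "/".join(parts[:4]))      # its Resource Group
    if len(parts) > 2:
        chain.append("/" + "/".join(parts[:2]))      # its Subscription
    mg, seen = sub_to_mg.get(parts[1]), set()
    while mg and mg not in seen:                     # stop on a cyclic map
        seen.add(mg)
        chain.append(MG_PREFIX + mg)                 # Management Groups
        mg = mg_parent.get(mg)
    return chain

def effective_assignments(resource_id, assignments, sub_to_mg, mg_parent):
    """Assignments on the resource or any ancestor (case-insensitive IDs)."""
    chain = [s.lower() for s in scope_chain(resource_id, sub_to_mg, mg_parent)]
    hits = [a for a in assignments if a["scope"].lower() in chain]
    return sorted(hits, key=lambda a: chain.index(a["scope"].lower()))

SUB = "00000000-0000-0000-0000-000000000001"
RG = f"/subscriptions/{SUB}/resourceGroups/rg-prod-web"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/web01"
SUB_TO_MG = {SUB: "mg-prod"}          # Subscription -> Management Group
MG_PARENT = {"mg-prod": "mg-root"}    # Management Group -> parent group
ASSIGNMENTS = [
    {"principal": "alice", "role": "Owner", "scope": MG_PREFIX + "mg-root"},
    {"principal": "bob", "role": "Contributor", "scope": RG},
    {"principal": "carol", "role": "Reader",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-dev"},
    {"principal": "dave", "role": "Virtual Machine Contributor", "scope": VM},
]

if __name__ == "__main__":
    for a in effective_assignments(VM, ASSIGNMENTS, SUB_TO_MG, MG_PARENT):
        print(f'{a["principal"]:6} {a["role"]:28} via {a["scope"]}')
```

The sketch does not model deny assignments or group membership, so treat its output as the upper bound of who is granted a role on the Resource.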
