Table of Contents
Managing subscriptions in Azure is a critical task for administrators who need to maintain control over resources, costs, and permissions. The AZ-104 Microsoft Azure Administrator exam tests candidates on their ability to manage Azure subscriptions effectively, among other skills.
Azure subscriptions are a fundamental entity in Azure, acting as a container for resources. They define the boundary of Azure services, resource management, and billing. Each subscription can have a different billing model and access control policies.
To manage Azure subscriptions, you need to understand the relationship between Azure Active Directory (Azure AD) and Azure subscriptions. An Azure subscription is associated with a single Azure AD tenant, and this relationship dictates who can access resources within that subscription.
Access to Azure subscriptions is managed through Role-Based Access Control (RBAC). RBAC ensures that only authorized users can perform specific actions within a subscription. Here’s an example of how permissions can be structured in RBAC:
Role | Permissions |
---|---|
Owner | Full access to all resources |
Contributor | Create and manage all resources but cannot grant access to others |
Reader | View resources but cannot make changes |
In practice, you would assign roles to users, groups, service principals, or managed identities at the subscription level or scope them to specific resources.
A key part of subscription management is keeping track of costs and billing. Azure provides tools like Cost Management and Billing to help administrators monitor and control Azure spending.
Here’s a simple breakdown of cost management features you can use:
It’s important to regularly review and adjust budgets in line with actual spending and organizational changes.
To manage costs within a subscription, an administrator can create a budget. For instance, you can set a monthly budget of $500 with the following steps:
Organizations may need to transfer subscriptions or manage multiple subscriptions due to changes in project ownership or company structures.
To transfer ownership of an Azure subscription, you must have the Owner role at the subscription scope. The new owner must also accept the transfer by providing their account information. The process involves updating the subscription directory in the Azure Account Center.
For managing multiple subscriptions, Azure Lighthouse provides a way to manage resources across multiple subscriptions and even across multiple Azure AD tenants. This is especially useful for service providers who manage resources for multiple clients.
Azure Policy is a service that helps enforce organizational standards and assess compliance. Administrators can assign policies to a subscription to ensure that resources comply with the organization’s requirements.
For example, a policy could enforce that all resources deployed in a subscription should be located in a specific Azure region to comply with data residency regulations.
Effective subscription management encompasses access control, cost management, transfers, multiple subscription oversight, and compliance. Mastery of these areas is essential for Azure administrators and is rigorously tested in the AZ-104 exam. Keeping up-to-date with Azure’s tools and best practices is crucial for ensuring efficient, secure, and cost-effective operations in the cloud.
Azure provides Role-Based Access Control (RBAC) which allows you to assign roles to users at different scopes, including the subscription level, to manage their access permissions to resources.
Cost Management and Billing is available to various types of accounts including Enterprise Agreement, Pay-As-You-Go, and Microsoft Customer Agreement accounts in Azure.
You can manage Azure subscriptions using the Azure Portal, Azure Command-Line Interface (CLI), and PowerShell. Azure Active Directory is used for identity services but does not directly manage subscriptions.
Azure subscriptions do not have a hard limit on the number of resource groups; you can create as many resource groups as your management needs deem necessary.
Azure Resource Groups help to organize resources and manage costs by grouping together related resources.
You can have a maximum of 200 co-administrators for an Azure subscription.
The Azure Portal provides the functionality to move resources from one subscription to another, provided you have the necessary permissions.
It is not always necessary to delete all resources before canceling a subscription, but to avoid unnecessary charges, it is recommended to clean up resources you no longer need.
Azure subscriptions are global and can contain resources from multiple geographical regions. They are not restricted to a single region or to having specific resources such as a Virtual Machine.
When transferring billing ownership of an Azure subscription, the recipient must be in the same Azure Active Directory tenant as the current owner. This ensures that billing ownership stays within the same organizational control.
Azure Policies can be applied to resources across your subscriptions to enforce tagging and other compliance-related rules.
Azure Budgets allows you to set thresholds for your spending and receive alerts when your spending reaches those thresholds.
A subscription is an agreement with Microsoft to use one or more Azure services.
You can create a subscription in Azure by signing up for a free account, purchasing a new subscription, or by getting added to an existing subscription as a co-administrator.
Yes, you can switch Azure offers after creating a subscription.
An Azure offer is a set of Azure services with a specific pricing model.
No, you cannot change the Azure offer for an existing subscription. You need to create a new subscription and move your resources to it.
To create a new subscription in Azure, you need to provide some basic information such as your name, email address, phone number, company name, and country. You also need to choose a subscription type and a payment method.
A management group is a logical container for managing access, policies, and compliance across multiple subscriptions.
You can switch the Azure offer for a subscription by following the steps in the Azure portal. You need to select the subscription you want to modify and then choose the new Azure offer you want to switch to.
To remove a subscription from your Azure account, you need to open the Subscriptions page in the Azure portal, select the subscription you want to remove, and then click the Delete button.
To add a co-administrator to an Azure subscription, you need to go to the Subscriptions page in the Azure portal, select the subscription you want to modify, and then click the Access control (IAM) button. From there, you can add the co-administrator with the appropriate role.
You can limit spending for an Azure subscription by setting up cost alerts, creating budgets, or using Azure reservations.
An Azure reservation is a discount on the cost of running a specific Azure resource for a specified period.
No, you cannot delete a subscription that contains resources. You need to move or delete the resources first.
To transfer ownership of an Azure subscription, you need to create a support ticket with Microsoft and provide the necessary information, such as the email address of the new owner.
A resource group is a logical container for managing Azure resources that share the same lifecycle and permissions.
If this material is helpful, please leave a comment and support us to continue.