Sep 02 2022 05:35 AM
All,
Hope someone can elaborate and provide some insights on the following. Looking at Cloud Adoptation Framework for Azure there's a recommnedation to create an intermediate root management group rather than using the default root management group.
I don’t really understand the benefits. For example:
"which purposely avoids the usage of the root group so that organizations can move existing Azure subscription into the hierarchy."
What does that even mean? Can’t I move subscription around different management groups anyway?
I’ve also found the following https://www.linkedin.com/pulse/azure-architectural-designing-best-practices-amit-kumar/
Quoting from this post:
“The Management Group should be defined in such a way that there should be intermediate root management group between Tenant root and other management groups. Compliance & Policies should be applied at intermediate root MG and this will not alter the main root Management group at the top level.”
But alter in what why? What’s the difference altering the intermediate management group rather than the default one, since policies, RBAC would cascade in a waterfall fashion from top to all child management groups/subscriptions anyway? Regardless if it’s the default management group or an intermediate one.
Would really appreciate if someone could enlighten me on this!
Sep 03 2022 05:11 AM
Dec 15 2022 01:51 PM