Describe core Azure architectural components
You might also need additional subscriptions because of
Subscription limits
two types of subscription boundaries
1. Billing boundary 2. Access control boundary
create additional subscriptions to separate:
1. Environments 2. Organizational structures 3. Billing
the organizing structure for resources in Azure, which has four levels
1. management groups 2. subscriptions 3. resource groups 4. resources
Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
Access control boundary
If your organization has many subscriptions, you might need a way to efficiently manage access, policies, and compliance for those subscriptions. ___ ___ ___ provide a level of scope above subscriptions. You organize subscriptions into containers called ___ ___ and apply your governance conditions to the management groups.
Azure management groups; management groups
is a manageable item that's available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are all examples of resources.
Azure resource
Azure requires an ___ ___. It provides you with authenticated and authorized access to Azure products and services. It also allows you to provision resources. An Azure subscription is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.
Azure subscription
An account can have one subscription or multiple subscriptions that have different billing models and to which you apply different access-management policies. You can use ____ ____ to define boundaries around Azure products, services, and resources.
Azure subscriptions
This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
Billing boundary
You can create a hierarchy that applies a policy. For example, you could limit VM locations to the US West Region in a group called Production. This policy will inherit onto all the ___ ___ ___ that are descendants of that management group and will apply to all VMs under those subscriptions. This security policy can't be altered by the resource or subscription owner, which allows for improved governance.
Enterprise Agreement subscriptions
The first step to getting started with Azure will be to create at least one Azure _____. You'll use it to create your cloud-based resources in Azure.
subscription
These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
Management groups
A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. _______ can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
Organizations
Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
Resource groups
______ are instances of services that you create, like virtual machines, storage, or SQL databases.
Resources
You can apply policies to a management group that limits the regions available for ___ ___. This policy would be applied to all management groups, subscriptions, and resources under that management group by only allowing VMs to be created in that region.
VM creation
You can set up multiple invoices within the same billing account. To do this, create additional ___ ___. Each billing profile has its own monthly invoice and payment method.
billing profiles
Subscription limits are
bound to some hard limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered as you create subscriptions. If there's a need to go over those limits, you might need additional subscriptions.
Each management group and subscription can support only one parent. Each management group can have many _____. All subscriptions and management groups are within a single hierarchy in each directory.
children
You can build a flexible structure of management groups and subscriptions to organize your resources into a ___ for unified policy and access management.
hierarchy
All subscriptions within a management group automatically ___ ___ ___ applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same ___ ___ ___.
inherit the conditions; Azure AD tenant
you can organize them into invoice sections. Each invoice section is a line item on the invoice that shows the charges incurred that month. For example, you might need a single invoice for your organization but want to organize charges by department, team, or project.
multiple subscriptions
where you would use management groups is to provide user access to multiple subscriptions. By moving multiple subscriptions under that management group, you can create one ___ ___ on the management group, which will inherit that access to all the subscriptions. One assignment on the management group can enable users to have access to everything they need instead of scripting RBAC over different subscriptions.
role-based access control (RBAC) assignment
10,000 management groups can be supported in a ______. A management group tree can support up to six levels of depth. This limit doesn't include the root level or the subscription level.
single directory