As such, developing a keen understanding of how to manage subscriptions is crucial for a competent Azure Administrator and is a significant area of focus in the AZ-104 Certification Exam.
Understanding Azure Subscriptions
A subscription is essentially a logical container used to organize Azure resources. Each resource deployed in Azure must be housed within a subscription. Different subscriptions can have different associated payment methods, access permissions, and billing profiles, facilitating granular control over organizational spending and resource management.
Choosing a subscription model that aligns with your organization’s scales, budgets, and IT governance policies is a critical first step to managing subscriptions. Azure offers three main types of subscriptions: Free Trial, Pay-As-You-Go (PAYG) and Enterprise Agreement (EA).
- Free Trial: Suitable for users playing around with Azure for the first time.
- Pay-As-You-Go (PAYG): Ideal for small to medium-size businesses with fluctuating workloads.
- Enterprise Agreement (EA): Beneficial for large organizations with steady workload streams.
Managing Subscriptions: Key Activities
As an Azure Administrator, your subscription management activities include:
- Assigning roles: A vital operation in managing subscriptions is role-based access control (RBAC). Azure provides predefined roles such as Owner, Contributor, and Reader, each with distinct permissions.
- Cost Management and Billing: Azure Cost Management can help you track cloud expenditure by visualizing, managing, and optimizing your Azure costs.
- Organizing Resources: Subscriptions also allow you to logically arrange your Azure resources. Usage of management groups, resource groups and tags can be crucial in maintaining an organized environment.
- Moving resources: Azure allows moving resources between different subscriptions and resource groups. This includes resources like virtual machines (VMs), databases, and storage accounts.
Azure Policy: A powerful tool
Azure Policy is a service capable of enforcing organizational standards and evaluating compliance at scale. With Azure Policy, you can create data driven, adaptive and responsive policies.
Example: Create a policy to only allow VMs from certain publishers.
az policy definition create –name ‘myPolicyDefinition’ –display-name ‘Allowed virtual machine SKUs’ –description ‘This policy governs which virtual machines SKUs can be deployed.’ –rules ‘{
“if”: {
“allOf”: [
{
“field”: “type”,
“equals”: “Microsoft.Compute/virtualMachines”
},
{
“not”: {
“field”: “Microsoft.Compute/virtualMachines/sku.name”,
“in”: [“Standard_D2s_v3”, “Standard_D4s_v3”]
}
}
]
},
“then”: {
“effect”: “deny”
}
}’
Subscription Management: Final Thoughts
Properly managing subscriptions is critical in Microsoft Azure. With a firm understanding of their different types and potential uses, including role-assigning, cost management, resource organization, moving resources, and the potent Azure Policy feature, you will be well-positioned to manage subscriptions in your Azure environment.
The AZ-104 Exam will test your knowledge and practical skills in these areas, demonstrating your competence as an Azure Administrator. A solid grip on these aspects will not only help you pass the AZ-104 exam but also better manage Azure cloud environments in daily operations.
Practice Test
True/False: Within Azure, it is possible to have multiple subscriptions per tenant.
- True
- False
Answer: True
Explanation: Azure does allow for multiple subscriptions per tenant. You can add multiple subscriptions to a user, application, or service principal in your tenant.
Which of the following can be changed on Azure Subscription from Azure Portal?
- A. Cost Center
- B. Subscription ID
- C. Subscription Status
- D. Subscription Owners
Answer: A, D
Explanation: You can change Cost Center and Subscription Owners from Azure Portal. Subscription ID is auto-generated and cannot be changed. Subscription Status also cannot be changed directly from the Azure Portal.
True/False: An Azure subscription can be part of only one management group.
- True
- False
Answer: False
Explanation: An Azure subscription can be part of multiple management groups in Azure.
Which of the following Azure management tools can be used to manage subscriptions?
- A. Azure portal
- B. Azure CLI
- C. Azure PowerShell
- D. All of the above
Answer: D. All of the above
Explanation: In Azure, you can manage subscriptions through the Azure portal, Azure CLI, or Azure PowerShell.
Is it possible to change the Azure subscription type?
- A. Yes
- B. No
Answer: A. Yes
Explanation: Azure subscription type can be changed if the need arises, such as from pay-as-you-go to Enterprise Agreement.
An Azure management group is used to:
- A. Add resources to a subscription
- B. Manage subscriptions
- C. Add users to a subscription
- D. None of the above
Answer: B. Manage subscriptions
Explanation: In Azure, a management group is used for providing governance controls over subscriptions.
When it comes to Azure subscriptions, RBAC stands for:
- A. Resource Budget Access Control
- B. Role-Based Analytical Console
- C. Role-Based Access Control
- D. Resource-Based Access Credentials
Answer: C. Role-Based Access Control
Explanation: In Azure Subscriptions, RBAC is a term meaning Role-Based Access Control, which is a policy that assigns roles to users, groups, and applications at a certain scope.
Is it possible for a single Azure subscription to use multiple Azure AD Tenants?
- A. Yes
- B. No
Answer: B. No
Explanation: Each Azure subscription is associated with a single Azure AD tenant.
In Azure, subscriptions provide:
- A. User identity
- B. Billing
- C. Resource management
- D. All of the above
Answer: D. All of the above
Explanation: Azure subscriptions provide a way to manage costs, track billing, define user roles, and manage resources.
Azure Lighthouse is used for:
- A. Changing subscription types
- B. Monitoring subscription usage
- C. Managing subscriptions on behalf of other organizations
- D. None of the above
Answer: C. Managing subscriptions on behalf of other organizations
Explanation: Azure Lighthouse enables delegating and managing resources and subscriptions on behalf of other organizations.
True/False: Azure subscriptions have a limit on the number of resources that can be created in each subscription.
- True
- False
Answer: True
Explanation: Each Azure subscription has limits on the amount of resources that can be created in the subscription. The exact limit depends on the type of resource.
True/False: Subscriptions are Azure resources themselves.
- True
- False
Answer: True
Explanation: Subscriptions are also Azure resources that can have RBAC policies applied, resource limits, and organizational policies.
True/False: A subscription owner can assign the role of “owner” to others.
- True
- False
Answer: True
Explanation: A subscription owner can indeed assign the “owner” role to other users, allowing them to fully manage the subscription as well.
True/False: The Azure cost management tool can be used to track costs and usage across multiple subscriptions.
- True
- False
Answer: True
Explanation: Azure Cost Management provides visibility into your organization’s Azure spend and usage across multiple subscriptions.
A single Azure AD tenant can relate to:
- A. A single subscription
- B. Multiple subscriptions
- C. A single resource group
- D. A and B
Answer: D. A and B
Explanation: A single Azure Active Directory (AD) tenant can relate to a single subscription or even multiple subscriptions.
Interview Questions
What is the use of Azure Cost Management for managing subscriptions in Azure?
Azure Cost Management allows administrators to manage and optimize the costs in Azure. It provides tools to monitor, allocate, and optimize costs to understand how resources are being utilized.
Where can you find the subscription ID in the Azure portal?
The Azure subscription ID can be found in the ‘Subscriptions’ section under the ‘All services’ in the Azure portal.
What is Azure role-based access control (RBAC)?
Azure role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources, allowing you to create and assign roles that can vary in terms of access levels for various services and resources.
When managing subscriptions, what is the role of an owner?
The owner has full access to all resources, including the right to delegate access permissions to others. They can manage resources, subscriptions, and perform all operations provided by RBAC.
How to change the cost center for a subscription in Azure?
To change the cost center for a subscription in Azure, go to ‘Cost Management + Billing’, then select the subscription you want to change, and under ‘Billing’ select ‘Properties’. Then you can edit the cost center.
What is the use of Billing scopes in Azure?
Billing scopes in Azure are important to manage the billing of your Azure resources. It helps in organizing subscriptions and resources to control and analyze costs.
What is the difference between a subscription administrator and a service administrator in Azure?
The subscription administrator has control over all services and resources in the subscription, while a service administrator has control over specific services within a subscription.
How to change the ownership of an Azure subscription?
You can change the ownership of an Azure subscription in the Azure portal, go to ‘Subscriptions’, then select the subscription you want to change, and then select ‘Change Owner’.
Can you have multiple Azure subscriptions?
Yes, you may have multiple Azure subscriptions, which is useful if you need to separate billing or management of resources.
How to transfer an Azure subscription to a different directory?
To transfer a subscription to a different directory, navigate to your subscription in the Azure portal, then select ‘Change Directory’. From here you can select the new directory.
What steps are required to delete an Azure subscription?
To delete a subscription in Azure, you must first disable or delete all the resources associated with the subscription. Once this is completed, you can cancel the subscription in the ‘Subscriptions’ section of the portal.
How to apply tags to resources in Azure for subscription management?
You can apply tags to resources by selecting the specific resource in the Azure portal, selecting ‘Properties’, and then ‘Tags’. Enter the tag name and value, then click ‘Save’.
How to view subscription invoices in Azure?
To view subscription invoices, navigate to ‘Cost Management + Billing’ in the Azure portal, and then under ‘Billing’, select ‘Invoices’.
How to set a spending limit on a subscription in Azure?
Azure doesn’t directly allow you to set a spending limit on a subscription, but you can use ‘Budgets’ in ‘Cost Management + Billing’ to create alerts based on your spending patterns.
Can you restore a canceled Azure subscription?
Yes, a canceled Azure subscription can be reactivated within 30 days for pay-as-you-go subscriptions and within 90 days for other subscription types.