Describe management groups

Practice Test

True or False: Management groups in Azure provide a level of scope above subscriptions.

• True.
• False.

Answer: True.

Explanation: Management groups in Azure provide a way to manage access, policy, and compliance for numerous subscriptions, all at once.

Management groups in Azure are designed to manage:

• a) Multiple subscriptions
• b) Single resource
• c) Single subscription
• d) Multiple resources

Answer: a) Multiple subscriptions

Explanation: Azure management groups are used to manage multiple subscriptions.

True or False: Azure Management Groups can only manage up to 10 subscriptions.

• True.
• False.

Answer: False

Explanation: Azure Management Groups can manage any number of subscriptions, not just

Which Azure service provides management at a higher level than management groups?

• a) Azure Advisor
• b) Azure Policy
• c) Azure Blueprints
• d) None of the above

Answer: d) None of the above

Explanation: Management groups sit at the top of the management hierarchy in Azure. No other service provides management at a higher level than this.

True or False: You cannot apply Azure Policy at the Management group level.

• True.
• False.

Answer: False

Explanation: You can apply Azure policy at the management group level. This allows governance across multiple subscriptions.

Azure Management Groups cannot:

• a) Help manage access, policies, and compliance across multiple Azure subscriptions
• b) Are designed to manage single resource
• c) Group together multiple subscriptions for centralized management
• d) Provide management at the top of the Azure management hierarchy

Answer: b) Are designed to manage single resource

Explanation: Management groups are not designed to manage single resources. They are designed to manage multiple subscriptions for centralized management.

True or False: All subscriptions within a management group automatically inherit the conditions applied at the management group level.

• True.
• False.

Answer: True

Explanation: All subscriptions within a management group automatically inherit the conditions applied at the management group level. This could be Azure Policy or Azure Role-Based Access Control (RBAC).

The maximum number of management groups that can be created in a single directory is:

• a) 100
• b) 500
• c) 1000
• d) 10,000

Answer: d) 10,000

Explanation: A single directory can have up to 10,000 management groups.

True or False: The Azure management group is not a free service.

• True.
• False.

Answer: False

Explanation: The Azure management group is a free service.

Each directory can have one root management group created by default. What is this group named?

• a) Azure Root
• b) Tenant Root Group
• c) Directory Root
• d) Management Root

Answer: b) Tenant Root Group

Explanation: Each directory has one top level management group called the ‘Tenant Root Group’.

True or False: You can apply Azure cost allocation policies at the management group level.

• True.
• False.

Answer: True

Explanation: Yes, you can apply cost allocation policies at the management group level, allowing governance across multiple subscriptions.

An Azure service that provides a way to manage access, policies, and compliance across several Azure subscriptions is:

• a) Azure Active Directory
• b) Azure Management Groups
• c) Azure DevOps
• d) Azure Security Center

Answer: b) Azure Management Groups

Explanation: Azure Management Groups are designed to provide a way to manage access, policies, and compliance for several Azure subscriptions simultaneously.

True or False: Azure Management Groups do not support Azure Policy assignments.

• True.
• False.

Answer: False

Explanation: Azure Management Groups do support Azure Policy assignments, allowing governance across multiple subscriptions.

You can nest management groups up to how many levels deep?

• a) 2
• b) 6
• c) 12
• d) 10

Answer: b) 6

Explanation: The management groups tree can support up to six levels of depth. This limit does not include the Root level or the subscription level.

The number of subscriptions that can be created per Azure AD tenant is:

• a) 500
• b) 2000
• c) 5000
• d) Unlimited

Answer: b) 2000

Explanation: The number of Azure subscriptions that can be created per Azure AD tenant by default is 2, The default limit can be increased up to the maximum limit by contacting Azure Support.

Interview Questions

What are Azure Management Groups?

Azure Management Groups are container-like structures used to manage access, policy, and compliance for various resources across an entire organization, typically structured around business needs.

What entities can be structured under Azure Management Groups?

Management Groups can manage subscriptions, resource groups, and resources themselves.

Can you explain how hierarchy functions in Azure Management Groups?

Azure Management Groups function in a hierarchical structure where a management group can contain other management groups, and each of those can also contain other management groups. At the bottom level, each management group can have multiple subscriptions.

How is access management organized within Azure Management Groups?

Access control (IAM) is inherited from a management group down through the hierarchy. You can assign user permissions at the level of a management group, which will then apply to all the subscriptions within the group.

Can Azure Policies be applied at the Management Group level?

Yes, Azure Policies can be assigned at the management group level. This allows you to enforce compliance and standards across multiple subscriptions.

How many Azure management groups can you have in a single directory?

In one directory, you can have up to 10,000 management groups.

Can you move subscriptions from one management group to another?

Yes, subscriptions can be moved from one management group to another. However, you need to verify specific access rights before making such changes.

What is the root management group?

The root management group is the top-level management group in the hierarchy. It encapsulates all other management groups and subscriptions.

How many levels of Management Groups are allowed in a single tenant?

A single tenant can have up to six levels of Management Groups, excluding the Root level and the Subscription level.

What’s the purpose of Azure Management Groups?

Azure Management Groups provide a way to manage access, policies, and compliance across an organization’s multiple Azure subscriptions.

Can you delete a Management Group?

Yes, a Management Group can be deleted as long as it doesn’t contain any child resources. If it does, the children must be moved to another group or subscription before deleting.

How is governance applied using Azure Management Groups?

Governance conditions like Azure Policies and Azure Role-Based Access Controls (RBAC) can be applied at the management group level and these would be inherited by child resources, which helps in consistent governance across the organization.

What is the role of Azure Policy in Management Groups?

Azure Policy in Management Groups helps enforce organizational standards and assesses compliance at scale. Once a policy is implemented at a Management Group level, it’s enforced on all its child resources.

What is the process of creating a Management Group?

Management Groups can be created directly in the Azure portal. You can create a management group, assign subscriptions to it, and then set up the hierarchy as required.

Can a Management Group contain a mix of Subscriptions and other Management Groups?

Yes, a Management Group can have other management groups and subscriptions as children. It forms a hierarchy for the organization’s Azure resources.