
Azure Subscription Terminology


Identity Management

  • Authentication : Verifying user credentials, such as a user name and password, in order to confirm the user's identity.
  • Authorization : Identifying the resources that a user who has provided authentication can access and the operations they are authorized to carry out.

Azure trusts Azure Active Directory (Azure AD) as its only identity service.

Tenant

A tenant represents an organization. At the start of its relationship with Microsoft, an organization or app developer is given a dedicated instance of Azure AD. Each Azure AD tenant is distinct and separate from every other Azure AD tenant. Azure AD tenants are closely tied to the underlying agreement with Microsoft. Although Optum has a number of tenants, the primary one goes by the name of UHG Tenant. Our Optum Active Directory MS domain is kept in sync with this Azure AD tenant.


Info
It is important to understand that, within Azure, a user who exists in Azure AD has no rights to any resource until those rights are assigned.

Subscriptions

A logical structure called an Azure subscription is used to group resource groups and the resources that belong to them. Once the Azure subscription is created, it will have to be linked to the Azure AD Tenant. The OWNER Role with the SCOPE of "Subscription" will then be given to the person who requested the subscription. With the OWNER Role, the user has the ability to add and remove resources and resource groups from the subscription. The user may also assign other users roles within the granted scope.

Management Groups

If an organisation has a lot of Azure subscriptions, it might require a mechanism to manage access, policies, and compliance for those subscriptions effectively. Management groups provide a governing scope above subscriptions. When subscriptions are arranged into management groups, the governance requirements applied to a management group cascade by inheritance to all of the subscriptions connected to it.

Resources

A resource is an entity that is managed by Azure. Azure resources include things like virtual machines, virtual networks, and storage accounts.

Resource Groups

A resource group is required for every resource in Azure. Multiple resources are simply grouped logically into resource groups so they may be handled as a single unit for lifecycle and security management. The creation or deletion of resources with comparable lifecycles, such as ALL resources for an n-tier application, is one example. In other words, a resource group consists of everything that is born together, is managed together, and depreciates together.
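
The terms above form one hierarchy (management group, subscription, resource group, resource), and a role assigned at one scope is inherited by every scope beneath it. The following added example, which is not part of the original page and is not Azure's own implementation, models that inheritance to answer "which roles does this user effectively hold on this resource?". The subscription ID, group names, users and assignments are constructed sample data, and deny assignments are assumed absent.

```python
# Added example: simplified model of Azure role-assignment scope inheritance.
# All IDs, names and assignments are constructed sample data.
MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"

# Constructed hierarchy: the management group each subscription sits under,
# and each management group's parent (None marks the top of the hierarchy).
SUBSCRIPTION_PARENT = {"00000000-0000-0000-0000-000000000001": "mg-prod"}
MG_PARENT = {"mg-prod": "mg-root", "mg-root": None}

# Constructed role assignments: (principal, role, scope)
ASSIGNMENTS = [
    ("alice", "Owner", SUB),
    ("bob", "Reader", MG_PREFIX + "mg-root"),
    ("carol", "Contributor", SUB + "/resourceGroups/rg-app"),
    ("dave", "Owner", SUB + "/resourceGroups/rg-other"),
]


def ancestor_scopes(scope):
    """Return the scope itself plus every scope it inherits assignments from."""
    parts = scope.strip("/").split("/")
    scopes = []
    if parts[0].lower() == "subscriptions":
        scopes.append("/" + "/".join(parts))          # the scope itself
        if len(parts) > 4:                            # resource -> resource group
            scopes.append("/" + "/".join(parts[:4]))
        if len(parts) > 2:                            # -> subscription
            scopes.append("/" + "/".join(parts[:2]))
        mg = SUBSCRIPTION_PARENT.get(parts[1])
    else:                                             # a management group scope
        mg = parts[-1]
    while mg:                                         # walk up the management groups
        scopes.append(MG_PREFIX + mg)
        mg = MG_PARENT.get(mg)
    return scopes


def effective_roles(principal, scope):
    """Roles the principal holds at `scope`, directly or by inheritance."""
    inherited = {s.lower() for s in ancestor_scopes(scope)}  # scopes compare case-insensitively
    return sorted({role for who, role, at in ASSIGNMENTS
                   if who == principal and at.lower() in inherited})


STORAGE = SUB + "/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/stapp"
```

Inheritance only flows downward: an assignment on a resource group grants nothing at the subscription, and a user with no assignment anywhere on the path has no roles at all.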