This article covers the “Manage Azure Subscriptions” section of the AZ-100 Exam and is part of my AZ-100 Study Notes series.

Administration Rights

At the subscription level, a user may be granted Administrator rights by doing the following –

1. Select Subscriptions
2. Select the subscription to assign roles within
3. Click ‘Access control (IAM)’
4. Click ‘Add’ then ‘Add role assignment’ which will open the ‘Add role assignment’ tab.
5. Select the ‘Owner’ role
6. In the ‘Select’ box either search for an existing user or input the email to send an invitation to.
7. Click Save to save the new role assignment.

The ‘Owner’ role allows the specified user to modify any element of the current subscription including access to resources.

This process is covered by – https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

Cost Center Quotas & Tagging

Quotas

Quotas or Microsoft Azure limits are limitations imposed on the amount of a single Azure resource such as vCPUs or the number of virtual machines.

Quotas are generally defined per-subscription unless managed by Azure Resource Groups, in which case they are managed per-region.

Quota increases beyond the default can easily be requested via a support request lodged through Azure so long as they are not already at the defined Maximum Limit, so long as the subscription is not a ‘Free Trial subscription’.

Quotas and Quota Limits are covered in more detail at – https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits

Tagging

Tagging is metadata associated with individual elements such as subscriptions, resources of any type including VM’s etc, storage accounts etc.

Tags consist of a name and value pair and when tagging, previously defined values are automatically suggested. EG. if you have entered a tag with the name ‘Technical Contact’ it will then suggest that when you type ‘T’ in any other resource. This allows for easy standardisation.

Tags may be added by accessing a resource in Azure and either navigating to the ‘Tags’ page or by clicking ‘Change’ beside the Tags heading in the Overview. An example of a tag ‘Technical Contact’ can be seen in the image below.

Tags may also be automatically applied (or required) by policies at the Subscription level, the following can be enforced –

Resources are limited to 15 individual tags on a single resource, with various limitations around numbers of characters etc as defined in the Microsoft Doc link further below.

Tags allow for easy sorting and filtering in many ways such as the ‘Cost Analysis’ and also allow for easy searching via PowerShell queries.

Further information can be found at – https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

Subscription Policies (Subscription Level)

Policies at the subscription level may be accessed by accessing a subscription and then selecting ‘Policies’ which is found under the ‘Settings heading.

Policies can enforce various rules and effects on resources in a subscription such as requiring that resources be located in a specific region such as ‘UK South’, enforcing specific VM types such as only the ‘D series’ or even automatically deploying Log Analytics Agents and the likes to VM’s among many other things.

At the time of writing, there are 148 individual preconfigured policies with a wide range of effects.

Policies are inherited by all resources below the level that a policy is defined, this allows for easy company-wide enforcement of defined policies.

Several policies can make up an ‘Initiative’ which is a collection of policies that allow for simple rollouts throughout Azure