Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Click on the arrows to vote for the correct answer
A. B. C. D.AD
An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
To enable each department administrator to manage the Azure resources used by that department, you will need to create a separate subscription per department. You can then assign each department administrator as an administrator for the subscription to enable them to manage all resources in that subscription.
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administratorWhen an organization migrates to Azure, it needs to consider how to segment its resources for different departments or groups. Here are the possible techniques to segment Azure for departments:
A. Multiple subscriptions: A subscription is a billing container for Azure services. An organization can create multiple subscriptions, each with its own billing account, to segment resources for different departments. Each department can have its own subscription, and the department administrator can manage resources within the subscription. This technique provides a clear separation of billing and resource management.
B. Multiple Azure Active Directory (Azure AD) directories: Azure AD is a cloud-based identity and access management service. An organization can create multiple Azure AD directories to segment resources for different departments. Each directory can have its own set of users, groups, and applications, and department administrators can manage resources within their directory. This technique provides a clear separation of user and application management.
C. Multiple regions: Azure has multiple regions around the world, and an organization can deploy its resources to different regions to segment resources for different departments. Each department can have its own set of resources deployed to a specific region, and the department administrator can manage resources within that region. This technique provides a clear separation of resource deployment.
D. Multiple resource groups: A resource group is a logical container for Azure resources that share the same lifecycle. An organization can create multiple resource groups to segment resources for different departments. Each department can have its own set of resource groups, and the department administrator can manage resources within those resource groups. This technique provides a clear separation of resource management.
In conclusion, an organization can use any combination of these techniques to segment its resources for different departments, depending on its requirements and preferences.