Manage subscriptions

Manage Azure subscriptions and governance

📘Microsoft Certified: Azure Administrator Associate (AZ-104)

1. What Is an Azure Subscription?

An Azure subscription is a logical container used to hold Azure resources such as virtual machines, storage accounts, and virtual networks.

It defines:

  • Billing boundary (who pays)
  • Resource limits / quotas
  • Access control boundary
  • Management boundary for governance tools like Azure Policy or RBAC

IT Example

Your organization may have:

  • One subscription for Production workloads
  • Another subscription for Development and Testing
  • Another subscription for Security/Monitoring tools

This separation improves cost visibility, security, and management.

2. Types of Azure Subscriptions (Important for Exam)

Different organizations use different subscription types depending on usage and licensing.

Common Subscription Types

Subscription TypeDescription
Azure Free TrialLimited credits for new users. Not used in enterprise, but good for learning.
Pay-As-You-Go (PAYG)Charges are based on actual usage, most common for businesses.
Enterprise Agreement (EA)Used by large enterprises; provides discounted pricing and consolidated billing.
Microsoft Customer Agreement (MCA)Modern agreement for organizations purchasing Azure directly or via CSP.
Cloud Solution Provider (CSP)Managed by a Microsoft partner; customers pay the partner instead of Microsoft.

Important Exam Focus

  • Understand MCA, EA, and CSP billing structures.
  • Know where to manage billing based on subscription type
    (Azure Portal, Azure EA Portal, Microsoft 365 admin center, CSP portal).

3. Subscription Limits, Quotas, and Resource Count

Each subscription has limits (also called quotas) for resources.
Examples:

  • Maximum number of virtual networks
  • Maximum number of cores per region
  • Public IP limits
  • Storage account limits

Requesting Quota Increases

  • Open Support RequestQuota
  • Can only increase some limits (e.g., VM vCPUs), not hard limits (such as number of resource groups).

Exam Tip:
Know how to create a support ticket to request a quota increase.

4. Subscription Management Tasks (Key Exam Area)

As an Azure Administrator, you must know how to:

4.1. View All Subscriptions

In Azure Portal:
Home → Subscriptions

From here you can see:

  • Subscription ID
  • Billing type (EA, CSP, MCA)
  • Directories it belongs to
  • Subscription status (Enabled, Disabled)

4.2. Change Subscription Directory (Tenant Migration)

A subscription can be moved from one Azure AD tenant to another.

Important notes:

  • Not all subscription types support it (example: CSP-based subscriptions have restrictions)
  • You must have:
    • Owner role on the subscription
    • Global Admin role in both Azure AD tenants

4.3. Assign the Billing Administrator

Billing roles include:

  • Billing Account Owner
  • Billing Account Contributor
  • Invoice Manager

These are managed outside Azure RBAC in:

  • MCA → Billing management in Azure Portal
  • EA → EA Portal
  • CSP → Partner portal

5. Cost Management and Billing (Very Important for the Exam)

Azure subscription management includes tracking and controlling cost.

5.1. Cost Management Tools

You can:

  • Monitor cost
  • Set spending budgets
  • Analyze cost per resource
  • Forecast future spending

These tools are found under:
Subscription → Cost Management + Billing

5.2. Budgets

Budgets help prevent cost overruns.
You can configure alerts when certain percentages are reached (50%, 80%, 100%).

Exam Tip:
Budgets do not stop resources, they only alert.

5.3. Cost Analysis

Shows:

  • Daily/Monthly cost
  • Resource-level cost
  • Forecast

5.4. Exporting Cost Data

You can export cost data to:

  • Storage accounts
  • CSV files
  • Power BI

6. Moving Resources Between Subscriptions

Azure allows moving many resource types between subscriptions.

Reasons You May Move Resources

  • Organizational restructuring
  • Billing separation
  • Migration from Dev to Production subscription

Requirements for Moving Resources

  • Both subscriptions must be in the same Azure AD tenant
  • You need Owner role on both subscriptions
  • Some resources cannot be moved (exam may ask which ones)

Supported Resources

Most common resources are supported:

  • VMs
  • VNets
  • Storage accounts
  • Resource groups

How to Move

Azure Portal → Resource Group → MoveMove to another subscription

7. Subscription Access Control (RBAC)

Each subscription has an access control boundary.
You can assign RBAC roles at subscription level to give wide access.

Important built-in roles:

  • Owner – Full access + can assign roles
  • Contributor – Full access to manage resources, cannot assign roles
  • Reader – Read-only access
  • Billing Reader – View billing information only

Exam Tip:
RBAC roles and billing roles are managed separately.

8. Subscription States (Exam Must-Know)

A subscription can be in one of the following states:

StateMeaning
EnabledFully active; resources operate normally
WarnedApproaching limit or payment issue
DisabledResources are stopped; management operations blocked
DeletedSubscription permanently removed

Exam may ask what happens when a subscription is Disabled:

  • VMs stop
  • Storage stays but access may be reduced
  • No deployments or management operations allowed

9. Management Groups (Used for Subscription Organization)

Management groups organize multiple subscriptions into a hierarchy.

Benefits:

  • Apply policies at scale
  • Apply RBAC at scale
  • Organize large environments

Hierarchy example:

Root Management Group
    ├── Production Group
    │       ├── Prod Subscription 1
    │       └── Prod Subscription 2
    └── Development Group
            └── Dev Subscription

Exam Focus:
Policies or RBAC applied at the management group level automatically apply to all subscriptions beneath it.

10. Azure Advisor and Subscription Recommendations

Azure Advisor helps optimize:

  • Cost
  • Security
  • Performance
  • Reliability

Exam Tip:
Azure Advisor provides recommendations, but does not enforce changes.

11. Administrators for Subscriptions

There are several admin roles in subscriptions:

1. Account Administrator (Legacy)

  • Manages billing
  • Not used much today

2. Service Administrator

  • Admin for all resources in the subscription
  • Auto-assigned to the person who created the subscription

3. Azure AD Global Administrator

  • Manages identity-related subscription changes
  • Required for tenant-level tasks

4. RBAC Roles

  • Owner, Contributor, Reader

Summary for Exam Success

To pass the Manage Subscriptions section of AZ-104, make sure you can:

✔ Explain what a subscription is
✔ Identify subscription types (EA, MCA, CSP)
✔ Manage billing and cost
✔ Create and use budgets
✔ Move resources and subscriptions
✔ Understand subscription states
✔ Manage access using RBAC
✔ Use management groups for organization
✔ Request quota increases
✔ Understand billing administrator roles
✔ Know which operations require tenant administrator rights

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by