Researching a customer’s Azure policies recently, I realised how complex their configuration was; the many subscriptions & many policies defined in each & the overhead incurred in trying to keep everything in sync.
If you have a complex setup, Azure Management Groups is a great tool to simplify policies in a multi-subscription environment:
“If your organisation¬†has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organise¬†subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have.”