1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Designing an Azure Virtual Desktop Architecture

Recommending Resource Groups, Subscriptions, and Management Groups

Start course

An important aspect of any Azure Virtual Desktop (AVD) environment is ensuring it is designed to not only meet best practices standards but also meet your organization’s requirements. To get the most out of this cloud-hosted service, it is important to use the correct features and components that make up the AVD environment which will, in turn, give a much better experience for your users. 

This course will help you design and plan your Azure Virtual Desktop environment and allow you to understand how it integrates with other Azure services. It covers understanding network and sizing requirements, recommending the correct identity and access management (IAM) solution to integrate with AVD, the operating system (OS) options that support AVD, and a closer look at the different host pool types with use cases they fit into.

Learning Objectives

  • Assessing existing physical and virtual desktop environments
  • Assessing network capacity and speed requirements for Azure Virtual Desktop
  • Recommending an operating system for an Azure Virtual Desktop implementation
  • Planning and configuring name resolution for Active Directory (AD) and Azure Active Directory Domain Services (Azure AD DS)
  • Planning host pools architecture
  • Recommending resource groups, subscriptions, and management groups
  • Configuring a location for the Azure Virtual Desktop metadata
  • Calculating and recommending a configuration for performance requirements

Intended Audience

This course is intended for people who want to become an Azure Virtual Desktop Specialist and/or are preparing to take the AZ-140 exam.


If you wish to get the most out of this course, it is recommended that you should have a good understanding of Azure Administration, however, this is not essential.


Welcome to this module on recommending resource groups, subscriptions and management groups. In this module, we'll cover the following topics. We'll discuss what a resource group is. We'll talk about what a subscription is. I'll explain what a management group is. Finally, we'll take a closer look at an example of a typical hierarchical view of all three. A resource group is a logical container that allows you to manage your Azure resources that have been provisioned.

You can create multiple resource groups within your tenant and the number you have is very much dependent on your organization's use case The resource group is the first logical management layer at which your Azure resources are stored. For example, if you have a number of departments, you might separate those departments' provisioned resources into their own resource group. A resource group also stores metadata on the services you have placed in it. This is why it is essential that you choose the location of where you want your resource group to be situated carefully, as it needs to be in a country and region your organization's policies allow.

The next level up in the Azure management hierarchy is a subscription. This is another logical container that stores metadata, and you can have multiple subscriptions within a tenant. You can also have multiple resource groups within a single subscription within multiple regions. You must have at least one subscription within your Azure tenant before you can start provisioning any cloud services, regardless of whether it is infrastructure as a servive, IaaS, software as a service, SaaS, or platform as a services, PaaS. The top level of management within Azure is a management group and much like the levels below it, this too is a logical container.

Management groups enable administrators to manage policies, access and compliance for multiple subscriptions and allow you to propagate settings down the management structure. As mentioned in the last point, you can manage multiple subscriptions within a management group regardless of the locations. In the final part of this module, we're going to take a look at a typical management hierarchy, which includes management groups and subscriptions.

At the top layer, you have your root management group where you can apply policies and access rights you want to propagate down to the other resources. If we look at the next level down in the hierarchy, we have another layer of management groups that have been separated into departments, but also an enterprise subscription. At this level, an administrator could implement policies and access that are specific to each department.

Another level down, we have branched off into our separate, department-specific management groups where we have a mixture of subscriptions for testing and trials and a management group for production. It is this management group that is linked to the next level down where we have two region-specific management groups, which leads down to the lowest level in this hierarchy that consists of multiple enterprise subscriptions. This type of management hierarchy is typical of what you may find in an enterprise level organization, so it is recommended you take time to think about how this fits your Azure Virtual Desktop environment.

About the Author

Shabaz Darr is a Senior Infrastructure Specialist at Netcompany based in the UK. He has 15 years plus experience working in the IT industry, 7 of those he has spent working with Microsoft Cloud Technologies in general, with a focus on MEM and IaaS. Shabaz is a Microsoft MVP in Enterprise Mobility with certifications in Azure Administration and Azure Virtual Desktop. During his time working with Microsoft Cloud, Shabaz has helped multiple public and private sector clients in the UK with designing and implementing secure Azure Virtual Desktop environments.