Configure Subscription Policies

As an IT professional tasked with managing resources in Azure, it’s important to understand key administrative roles and permissions within a subscription and within a resource group. It’s also important to know how to leverage Role-Based Access Control (RBAC) for managing such administrative roles and permissions.

In the first part of this course, you will learn about Azure subscriptions. You will learn about key roles within a subscription, including contributor, owner, reader, and user access administrator. You’ll also learn how to manage these roles by using RBAC. We’ll also cover subscription policies and the role they play in the management of an Azure subscription.

In the second part of the course, we’ll talk about resource groups in Azure. We’ll touch on what they do and how they are managed. You will learn how to secure resources within a resource group via resource policies and resource locks. You’ll also learn about resource tagging and how it can be used to manage and group Azure resources.

Rounding out this course, we’ll cover the process of moving resources from one resource group to another, as well as the deletion of resource groups altogether.

Learning Objectives

Azure Subscriptions

  • Understand the owner role
  • Understand the subscription administrator role
  • How to manage roles and permissions with RBAC
  • Understand subscription policies

Resource Groups

  • Understanding the purpose of resource groups
  • How to leverage resource group policies
  • How to use resource locks to protect resources
  • How to leverage resource tags  
  • Moving resources between resource groups
  • Removing resource groups

Intended Audience

  • IT professionals interested in becoming Azure cloud architects
  • IT professionals preparing for Microsoft’s Azure certification exams


  • General knowledge of IT infrastructure
  • General knowledge of the Azure environment

Azure Security Center automatically creates a default security policy for each Azure subscription. These policies can be edited and monitored for compliance in Security Center. Security Center policies can also be extended by using Azure Policy, which is a service in Azure that you use to create, assign, and manage policies.

Because security requirements for development resources typically vary from the requirements for production resources, it's critical to maintain policies that fit these requirements. As such, security policies are used to drive security recommendations and monitoring. This helps identify potential vulnerabilities and mitigates threats.

As you can see on the screen, the default security policy contains numerous policies and definitions that govern, among other things, system updates, security configurations, endpoint protection, and disk encryption. The system updates policy retrieves a daily list of available security and critical updates and recommends that missing updates be applied.

The security configurations policy analyzes OS configurations to identify virtual machine vulnerabilities and recommends configuration changes to mitigate such vulnerabilities.

Endpoint protection and disk encryption policies make recommendations for protecting virtual machines from viruses and data theft. In addition to these policies, other policies are also useful for protecting the environment, such as network security groups, web application firewall, next-gen firewall, SQL auditing and threat detection, SQL encryption, vulnerability assessment, storage encryption, and just-in-time network access. By leveraging all of these different policies, you can help identify potential vulnerabilities in the environment and mitigate any threats identified.

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.