Azure Resource Manager – Resource Groups

Azure Resource Groups, or will it be Azure Stack Resource Groups? Anyway, aside the name, let’s talk about what they are and what we can do with it. A Resource Group is a container of resources. No, not the new container technology what Microsoft announced at Ignite 2015. It’s a container that can held the resources you assign from your deployment whether it is a VM, Database, or Website. It enables you to group related entities. In Azure Pack you can deploy VM Roles that is actually a Cloud Service that holds the resources you have deployed. Also in Azure you can deploy Cloud Services that holds VMs and their assigned endpoints. The issue with Cloud Services is that management tasks are related to the Cloud Services and not to the individual components in that Cloud Service. In a Resource Group you can manage each resource independent. A resource is not bound to that specific Resource Group. You can move a resource to another Resource Group. But remember, a resource can be only in one resource group. Here you see a summary of a Resource Group and their resources:

All the resources I can manage independently. I can also add resources that are not directly related to the VM but are related to my deployment. Let’s say for example that this VM needs a SQL Database for access data from the database. Or a website that will act as my frontend and needs to access data from my VM. I can manage my deployment as a whole and that the key here. You can create a Resource Group using the Portal when deploying new resources or using PowerShell using this command:

in Azure CLI you need to run this:

What other benefits has the use of a Resource Group?

  • Billing
    • You are able to collect usage per Resource Group so you can bill for example departments or projects based on the usage from a Resource Group.
  • Tags (source)
    • You can tag your resources with key/value pairs to further categorize and view resources across resource groups and, within the portal, across subscriptions. Once configured across Resource Groups you can view the taxonomy of tags in the portal, use the Browse hub to view Everything and then select Tags.

  • Role Based Access Control (RBAC) (source)
    • You can now grant access to both users groups. RBAC is based on Azure Active Directory, so if your organization already uses groups in Azure Active Directory or Windows Server Active Directory for access management, you will be able to manage access to Azure the same way. Below are some more details on how this works and can be enabled.

      Azure Active Directory is a directory service in the cloud. You can create organizational tenants within Azure Active Directory and define users and groups within it – without having to have any existing Active Directory setup on-premises.

      Alternatively, you can also sync (or federate) users and groups from your existing on-premises Active Directory to Azure Active Directory, and have your existing users and groups automatically be available for use in the cloud with Azure, Office 365, as well as over 2000 other SaaS based applications:

      We will dive deeper on RBAC in a future post.

That was a short overview of the Resource Groups in Azure (Stack) and I hope it gave you a understanding of what it is and what you can do with it.

Spread the word. Share this post!

  • Amit

    How can I view Azure Resource Groups on http://manage.windowsazure.com which is live running portal for azure. I have setup a site to site VPN using Azure Resource Manager PowerShell cmdlets but I can see my changes only on preview portal rather than manage.windowsazure portal. Please help.

    • Mark Scholman

      Hi, You cannot see resource groups in the current portal, only on the preview portal. Because the current portal is based on Azure Service Manager API and the preview portal is based on Azure Resource Manager API you have to use Azure Powershell or the preview portal to view (ARM based) resources.