Account and billing hierarchy in Azure is meant to manage user permissions and accounts from a parent account. As shown in the figure, the azure account and billing hierarchy is a set of parallel hierarchies for the administration of your Azure environment.
Azure AD is the cloud-based access and identity management solution of Azure.
Azure EA portal – The Azure EA portal is the portal that helps customers to manage the cost of their Azure EA services. It consists of various accounts and enrolments under EA.
EA enrolment – EA enrolment shows the commercial relationship between Microsoft service as a cloud provider and how your organizations use Azure.
Departments – Departments help to group costs logically and set a budget at the department level.
Accounts – The organization units in Azure EA portal are called accounts. They are used for access to reports and managing subscriptions.
The right side is the technical environment.
Azure portal (including CLIs and APIs) is used for the administration of this environment. It consists of Azure management groups, subscriptions, resource groups, and resources.
This hierarchy is defined in Azure AD tenant and is aligned to your organisation’s needs and structure. Azure management groups help you effectively access, monitor, and manage policies and compliance with your subscriptions. The management group is a container of subscriptions (one or many). The top-level in the hierarchy is known as the root management group.
Root management group – It contains all the management groups (configured) and subscriptions. It is the root of the Azure governance hierarchy.
Management group – If your organization has many subscriptions, you can group the subscriptions into containers or management groups. Governance conditions applied to one Azure management group are automatically enforced on all the subscriptions within that group. This helps the organization teams to administer policies and work independently. Full ownership of various Azure resources can be granted independently to various departments to which the resources belong.
Subscriptions – Azure subscription used for provisioning resources in Azure. It contains details of all resources like databases, VMs, and others. These organizing entities are the link between your Azure environment and your cost relationship with Microsoft (as a cloud provider)
Resource Groups – It is a logical container where all the resources like databases, apps, and storage accounts are deployed and maintained
Resources – Resources in Azure are various Virtual Networks, Virtual Machines, databases, storage accounts, and more.