While preparing for the AZ-305: Designing Microsoft Azure Infrastructure Solutions exam, many candidates stumble on complex governance scenarios involving multiple subscriptions. In large enterprises, effective governance often requires balancing centralized control with decentralized management. Understanding how to architect Azure Blueprints at scale can make or break your governance strategy.
Let’s drill into a realistic enterprise governance and deployment case study involving Azure Blueprints and management groups for multi-subscription environments.
The Scenario #
Tailspin Manufacturing operates two major business divisions, East Division and West Division, each with its own Azure presence. Each division manages two separate Azure subscriptions to isolate workloads for compliance reasons. Tailspin plans to deploy a standardized custom application consisting of multiple resource groups, Azure App Service Web Apps, Azure Cosmos DB accounts, and role-based access controls (using custom roles) across all subscriptions. To ensure consistent governance and repeatable deployments, Tailspin wants to automate this with Azure Blueprints.
Key Requirements #
Tailspin’s governance team needs to determine the minimum number of Azure management groups, blueprint definitions, and blueprint assignments required to deploy and manage this solution across all subscriptions in line with enterprise governance best practices.
The Options #
- A) Management Groups: 1
- B) Management Groups: 2
- C) Blueprint Definitions: 1
- D) Blueprint Definitions: 2
- E) Blueprint Assignments: 2
- F) Blueprint Assignments: 4
Correct Answer #
B) Management Groups: 2
C) Blueprint Definitions: 1
F) Blueprint Assignments: 4
The Architect’s Analysis #
Correct Answer #
Management Groups: 2, Blueprint Definitions: 1, Blueprint Assignments: 4
Step-by-Step Winning Logic #
In enterprise governance, management groups are used to mirror organizational structure. Since Tailspin has two distinct business divisions, the recommended practice is to create two management groups, one per division, each containing its associated subscriptions. This allows separation of delegated access and policy boundaries while maintaining hierarchy for compliance.
A single blueprint definition suffices because the application template and governance guardrails are identical across all subscriptions and divisions. This ensures standardization and reduces maintenance overhead.
Each subscription requires its own blueprint assignment because assignments apply at subscription scope to deploy resource groups, role assignments, and policies consistently on every subscription instance. With 4 subscriptions total (2 per division × 2 divisions), four assignments are needed.
This approach aligns with Microsoft’s Cloud Adoption Framework principles around enterprise governance and subscription lifecycle management while optimizing for operational excellence and cost.
The Traps (Distractor Analysis) #
- Why not Management Group = 1? Using a single management group would force overly broad policies and reduce administrative boundary separation—contrary to enterprise governance best practices.
- Why not Blueprint Definitions = 2? Multiple blueprint definitions increase governance drift and complicate lifecycle management when the same resources and roles are deployed.
- Why not Blueprint Assignments = 2? You must assign blueprints at subscription level; grouping subscriptions into fewer assignments would not deploy resources properly.
The Architect Blueprint #
Flow of governance deployment with management groups, blueprints, and assignments:
Diagram Note:
This flow shows a hierarchical Azure governance model with two management groups representing distinct divisions, a single blueprint definition centrally maintained, and multiple blueprint assignments at subscription level enforcing consistent resource deployment and policies.
The Decision Matrix (Mandatory for Expert Level) #
| Option | Est. Complexity | Est. Monthly Cost | Pros | Cons |
|---|---|---|---|---|
| Management Groups: 1 | Low | None | Simpler hierarchy, single control point | Poor separation, harder delegation |
| Management Groups: 2 | Medium | None | Clear organizational boundary, delegated governance | Slightly more complex to setup |
| Blueprint Definitions: 1 | Low | None | Standardized, easier to maintain and version centrally | Less flexibility for division-specific tweaks |
| Blueprint Definitions: 2 | Medium | None | Flexibility for division customizations | Higher maintenance overhead |
| Blueprint Assignments: 2 | Low | None | Fewer assignments, potentially easier management | Does not cover all subscriptions |
| Blueprint Assignments: 4 | Medium | None | Full coverage for each subscription, consistent compliance | Slightly more assignment overhead |
Real-World Practitioner Insight #
Exam Rule #
For enterprise governance at scale, always leverage management groups aligned with organizational units and assign blueprints at the subscription scope for repeatable, consistent deployments.
Real World #
Many enterprises start with a single management group but eventually reorganize into division- or department-specific management groups to enable delegated Azure Policy application and role assignments. Blueprint definitions evolve to balance standardization with flexibility.