Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
You are designing Azure governance for an enterprise with Finance and Operations divisions in both EMEA and the Americas. The company uses a single Azure AD tenant and an Enterprise Agreement. The solution must: 1) consolidate all billing globally, 2) enforce region-specific policies at the geography level, 3) let each division create and manage its own subscriptions, and 4) ensure that a common set of resource tags is applied to every resource. Which design should you recommend?
Create a separate Azure AD tenant and Enterprise Agreement for each geography, place all subscriptions under each tenant's root management group, and manage tags manually within each subscription.
Host all resources in one shared subscription, use separate resource groups for each division and geography, and apply region-specific and tagging policies at the resource-group level.
Create a single management group for the tenant, place all subscriptions directly under it, and assign both region-specific and tagging policies individually on every subscription.
Create a root management group, add EMEA and Americas management groups beneath it, nest Finance and Operations management groups under each geography, assign region-specific Azure Policy to each geography-level management group, enforce required tags from the root management group, and create separate subscriptions inside each division's management group.
Creating a root management group and then separate management groups for each geography, with division-level management groups under them, meets every requirement. Because all subscriptions remain in one Azure AD tenant and Enterprise Agreement, billing stays consolidated. Region-specific Azure Policy assignments made at the EMEA or Americas management-group scope automatically cascade to the underlying division management groups and their subscriptions. Placing a tag-enforcement policy at the tenant root management group guarantees that every resource in every child scope inherits the required tags. Each division's dedicated management group can contain its own subscriptions, so division administrators can manage them independently.
The single-management-group design forces policy assignments to be repeated on every subscription and complicates administration. Splitting into separate tenants breaks the consolidated billing requirement and adds identity complexity. Relying on resource-group-level organization places all workloads in one subscription, preventing autonomous subscription management and limiting policy inheritance. Therefore, the hierarchical management-group structure with inherited policy assignments and tagging at the root is the most efficient and compliant choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Azure management group?
Open an interactive chat with Bash
What is Azure Policy, and how does it enforce governance?
Open an interactive chat with Bash
How does consolidated billing work in Azure under the Enterprise Agreement?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .