Azure resources are organized hierarchically as :
Tenant → Management Group → Subscription → Resource Group → Resources.
What these terms stand for :
- Tenant represents the Entra ID identity boundary
- Subscriptions are billing and governance boundaries
- Resource Groups logically organize related resources
For authentication and automation
Azure uses Service Principals, which are non-human identities tied to applications.
A Service Principal is created from an App Registration.
- Authentication typically uses Tenant ID, Client ID, and Client Secret.
- After authentication, Azure RBAC controls Authorization and permissions on subscriptions, resource groups, or resources
- Managed Identities are Azure-managed Service Principals that avoid secret management and are preferred when running workloads inside Azure
