Tenant and subscriptions
The following are best practices for both tenants and subscriptions:
- Keep subscriptions to a minimum to reduce complexity
- Segment bills by leveraging tagging, instead of creating more subscriptions
- Use resource groups as application lifecycle container boundaries
- Use RBAC to grant access and to delegate administration
However, you should avoid these practices:
- Do not create a subscription for each of the development, testing, and production environments to protect quota and enforce security. Instead, leverage the features of Azure DevTest labs (an IaaS solution), App Service Slots, or opt for Azure DevTest access using an MSDN subscription (as this creates an issue with cross-subscription sharing, like wildcard App Service Certificates which are stored in Azure KeyVaults and other subscriptions can't share them).
- Do not consider enforcing quota is necessary—use Azure Resource Manager (ARM) policies to help manage quotas.
- Do not create multiple subscriptions just because...