I began working on Azure Management Groups (MGs) while on the Azure Commerce team, where the original idea was to adapt Enterprise Agreement (EA) structures into the Azure Portal. Recognizing the broader potential, I volunteered to help—and was entrusted with leading a new implementation focused on Azure Policy support.

In just six months, we launched the first version of Management Groups in July 2018, a rare velocity for such a foundational feature. One month later, the product and I transitioned into the Azure Resource Manager (ARM) organization, where I continued leading its development and expansion into a platform-wide governance solution.

The Challenge

Azure lacked a first-class mechanism for organizing and governing multiple subscriptions at scale. Customers were left cobbling together custom tagging strategies, external tools, or brittle scripting to manage compliance, access, and billing across complex environments.

Microsoft needed a native, secure, and extensible solution that could:

• Scale to enterprise structures with thousands of subscriptions

• Enforce consistent policies and access control

• Serve as a foundation for future governance and compliance tools

My Role

As the lead PM for Management Groups, I was responsible for:

• Product Strategy: Transforming a commerce concept into a platform governance solution

• Architecture Design: Defining hierarchy limits, access controls, inheritance models, API/SDK and UI designs, and performance targets

• Cross-Org Alignment: Collaborating with Identity, Policy, ARM, Billing, Azure Monitor, and more

• Customer Feedback Loop: Working closely with Fortune 500 customers to validate use cases

• Program Leadership: Delivering initial GA, driving feature adoption, and leading the roadmap for 7 years

The Solution and Features

1. Initial Design, Execution, and Launch

The MVP established directory-level Management Groups as a new ARM scope for organizing subscriptions. It supported hierarchical structuring, top-down policy enforcement, and RBAC inheritance—all within a secure, scalable model. We launched in July 2018, completing architecture, implementation, and partner onboarding in under six months.

2. Hierarchy Settings

To address deeper enterprise governance needs, I introduced the Hierarchy Settings feature set. These controls gave central IT and security teams the ability to lock down and audit structural changes—improving stability and control across sprawling orgs.

3. Orchestration Service

I led the design of an Orchestration Layer that allowed external systems (e.g., security and inventory tools) to sync with Management Groups. This enabled automation of group assignments and policy application across thousands of resources in regulated environments.

4. Custom Role-Based Access Control (RBAC)

At GA, Management Groups lacked support for custom RBAC roles—a critical gap for enterprise customers. I partnered with the Microsoft Identity team to architect and implement custom role support at the directory level, unblocking customer adoption and extending RBAC’s reach.

5. Log Analytics & Azure Monitor Integration

Customers needed visibility into hierarchy changes for audit and operational awareness, but MGs were initially absent from Azure Monitor and Log Analytics. I worked across Azure Monitor and Resource Graph teams to integrate MGs into diagnostic pipelines, enabling tracking, alerting, and querying of hierarchy data.

Execution Highlights

• Delivered MVP in under six months, aligning multiple teams to meet a high-visibility milestone

• Grew feature set through iterative customer engagement and partner collaboration

• Established MGs as a required primitive for Azure Policy, Cost Management, and Blueprints

• Led cross-org integrations with Identity, Monitoring, and external security systems

Results

• Ubiquity: Adopted by nearly every enterprise Azure customer

• Scale: Over 10 million hierarchies in production use

• Governance Impact: Foundation for compliance, billing, access, and policy enforcement

• Ecosystem Growth: Enabled Service Groups and other relationship-based governance capabilities to build on MGs as a core scope object

Reflection

Management Groups was a career-defining product for me—not because it launched fast, but because it grew into one of the most critical pieces of Azure’s governance platform. I had the opportunity to lead it from inception through scale, solving enterprise pain points through thoughtful design, relentless customer advocacy, and deep cross-team partnership. The success of MGs laid the foundation for innovations like Service Groups and future graph-based governance.