Enterprise Azure environments typically span multiple subscriptions, separating production from non-production, isolating business units, or enforcing compliance boundaries. Analysing costs across these subscriptions individually is inefficient and makes it difficult to understand total organisational spend.
Azure Management Groups provide a governance layer above subscriptions that enables cost analysis, policy assignment, and role-based access control at scale. This post covers how to use Management Groups for cross-subscription cost visibility
1. Understanding the Management Group Hierarchy
A Management Group is a container that can hold subscriptions or other Management Groups. The hierarchy typically mirrors an organisation's structure. Following is an example:
Root Management Group
├── Platform
│ ├── Connectivity (subscription)
│ └── Identity (subscription)
├── Landing Zones
│ ├── Production (subscription)
│ └── Non-Production (subscription)
└── Sandbox (subscription)
Cost analysis scoped to a Management Group aggregates costs from all subscriptions within it, including nested groups. This means a query at the Landing Zones group captures both production and non-production spend in a single view.
Navigate to Management Groups in the Azure Portal to review the current hierarchy. If Management Groups have not been configured, this is a prerequisite before cross-subscription cost analysis is meaningful.
2. Assigning Cost Management Reader Role
To view costs at Management Group scope, the user or service principal needs the Cost Management Reader role assigned at the Management Group level.
- Navigate to Management Groups > [your management group] > Access control (IAM)
- Select + Add > Add role assignment
- Search for and select Cost Management Reader
- Assign to the appropriate user, group, or service principal
This role grants read-only access to cost and billing data without providing access to manage the underlying resources.
3. Analysing Costs at Management Group Scope
Once the role is assigned, cost analysis is available directly at the Management Group scope.
- Navigate to Cost Management + Billing > Cost Management
- In the Scope selector at the top of the page, select the Management Group
- Open Cost Analysis
Following is the recommended configuration for a cross-subscription cost review:
- View: Accumulated costs
- Granularity: Monthly
- Group by: Subscription (to see per-subscription breakdown within the group)
- Time range: Last 6 months (to identify trends)
Switch Group by to Resource group or Tag: cost-center to further slice the aggregated spend.
4. Exporting Cross-Subscription Cost Data
Cost Management Exports are supported at Management Group scope, allowing automated delivery of cross-subscription cost data to a storage account.
Navigate to Cost Management > Exports with the Management Group selected as the scope, then create a scheduled export following the same process as subscription-scoped exports. The resulting CSV includes a SubscriptionId column, enabling downstream segmentation by subscription.
5. Common Pitfalls
Two issues frequently arise when working with Management Group cost analysis:
- Missing subscriptions: Subscriptions not placed under the Management Group hierarchy will not appear in the aggregated view. Verify that all relevant subscriptions are correctly placed.
- Currency mismatches: If subscriptions are on different billing accounts or currencies, the aggregated cost view may not reconcile directly with individual invoices.
Summary
Management Groups provide the most scalable approach to cross-subscription cost governance in Azure. Assigning the Cost Management Reader role at the Management Group level and scoping cost analysis accordingly gives finance and platform teams a single, consistent view of organisational spend, without requiring access to individual subscription resources.
