Understanding Azure Resource Manager (ARM) - ITU Online

Understanding Azure Resource Manager (ARM)

azure resource manager

Azure Resource Manager (ARM) serves as a pivotal component in managing and orchestrating resources within Microsoft’s Azure cloud platform. Unlike traditional tools, ARM operates seamlessly in the background, offering a unified management layer that simplifies operations across Azure’s expansive suite of services.

Key Features of ARM

  • Centralized Management: ARM allows for the centralized management of all Azure resources, facilitating tasks such as creation, modification, and deletion through a single interface.
  • Authentication and Authorization: Before any changes are made, ARM verifies the legitimacy of requests, ensuring that only authorized operations proceed.
  • Extensive Service Integration: With Azure hosting approximately 200 distinct services, ARM acts as the intermediary, streamlining interactions between the user’s commands and the specific Azure service required.
Azure Administrator

Azure Administrator Career Path

Become a highly skilled Microsoft Azure Administrator with our Azure administrator Career Path training series. This path include the core skills for Cloud, Network and Security with the CompTIA courses and then follows-up with our comprehensive AZ-104 Azure Administrator course. Elevate your career today.

Core Concepts

Resources in Azure


In Azure, resources are the fundamental components that you can create, manage, and utilize to build your cloud infrastructure. These include a wide array of services and functionalities that cater to different aspects of cloud computing, such as computing power, storage options, networking capabilities, and more.

Types of Resources:

  • Virtual Machines (VMs): Azure VMs provide scalable computing resources that can be customized to run server applications, host websites, and handle data processing tasks. VMs can be configured with various operating systems, including Windows and Linux.
  • Storage Accounts: Azure Storage offers highly available, secure, and scalable cloud storage solutions. This includes Blob storage for REST-based object storage of unstructured data, File Storage for SMB-based file shares, Table storage for NoSQL data, and Queue storage for messaging between application components.
  • Web Apps: Part of Azure App Service, Web Apps allow developers to build and host web applications in the cloud with support for multiple languages and frameworks, such as .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python, without worrying about the underlying infrastructure.
  • Databases: Azure supports various database services, including Azure SQL Database, Cosmos DB for NoSQL options, MySQL, PostgreSQL, and MariaDB, offering scalable, secure, and managed database services for a wide range of data storage needs.

Resource Groups


Resource groups in Azure act as containers that hold related resources for an Azure solution. The group facilitates the collective management of these resources, sharing lifecycle, permissions, and policies.


  • Simplified Management: By organizing resources that share the same lifecycle into a resource group, you can deploy, update, and delete them as a single entity, improving management efficiency.
  • Access Control: Resource groups enable fine-grained access control by applying role-based access control (RBAC) policies at the group level, thus managing who has access to these resources and what actions they can perform.
  • Billing and Monitoring: Grouping resources makes it easier to monitor their usage and manage billing. You can quickly identify which resources are driving costs and monitor their health and usage patterns.

Resource Providers


Resource providers are services in Azure that offer access to the cloud resources you need. Each provider covers a specific set of services and capabilities, defining the operations that can be performed on resources within its domain.

Key Providers:

  • Microsoft.Compute: Manages virtual machines, virtual machine scale sets, and availability sets.
  • Microsoft.Storage: Offers services related to Azure Storage accounts, including blob, file, queue, and table storage.
  • Microsoft.Network: Handles virtual networks, subnets, network interfaces, and other networking-related resources.
  • Microsoft.Web: Provides access to services under Azure App Service, including web apps, API apps, and mobile apps.

ARM Templates


ARM Templates are JSON files that define the infrastructure and configuration for your Azure solution, allowing you to deploy and manage Azure resources in a consistent and repeatable manner.

Key Features:

  • Declarative Syntax: ARM templates describe what resources are needed and their configurations, without specifying how to create them. This approach simplifies the deployment process and reduces the potential for errors.
  • Idempotency: The templates are idempotent, meaning you can deploy the same template multiple times with the same outcome, ensuring consistent setups.
  • Parameterization: Templates can include parameters that allow for input values at deployment time, making the templates reusable and adaptable to different environments or scenarios.
  • Resource Dependencies: Templates can define dependencies between resources, ensuring they are created and configured in the correct order.

By leveraging these concepts, you can more effectively utilize Azure’s vast capabilities, tailoring your cloud infrastructure to meet your specific needs while ensuring efficient management and deployment practices.

Cloud Services

Get Ahead In Cloud Computing

At ITU, we offer an exclusive Cloud Computing training series designed to prepare you for certification and/or to help you gain knowlege of all Cloud based platforms including AWS, Azure and Gooogle Cloud.

Get access to this exclusive Cloud Computing Training today.

Advanced Concepts

  • Declarative Syntax in ARM Templates: This simplifies the definition of infrastructure as code, focusing on the desired end-state without specifying the sequence of actions to achieve it.
  • Resource Providers and Categories: Azure categorizes its services into more than 20 groups, each managed by specific resource providers that define the available operations.
  • Resource Groups and Deployment: Resources are organized into groups for easier management, with the ability to deploy, update, and delete resources as a unit, respecting their interdependencies.

Practical Aspects

Resource Manager Locks


Azure Resource Manager Locks are designed to prevent accidental modifications or deletions of your Azure resources. These locks can be applied at different scopes, including subscriptions, resource groups, and individual resources, to ensure critical components of your infrastructure remain unchanged and protected.

Types of Locks:

  • Read-Only Lock: This lock makes the resource read-only, preventing any modifications. Users can still read and list the resource but cannot make changes. This is useful for critical resources that should not be altered.
  • Delete Lock: This prevents the resource from being deleted. It’s particularly valuable for resources that are crucial to your environment’s integrity, ensuring they cannot be removed without removing the lock first.

How to Apply Locks:

  1. Via Azure Portal: Locks can be applied directly through the Azure portal by navigating to the specific resource, resource group, or subscription, and selecting the “Locks” option to add a new lock.
  2. Using Azure CLI or PowerShell: Locks can also be applied programmatically using the Azure Command Line Interface (CLI) or PowerShell, providing a way to automate the protection of resources.


  • Inheritance: Locks applied at a higher scope (e.g., resource group) are inherited by the resources within that scope. This feature ensures comprehensive protection across your Azure environment.
  • Permissions: Only users with administrative privileges, such as the Owner or User Access Administrator roles, can manage locks to prevent unauthorized changes.

Managing Resource Limits


Azure sets limits on the number and size of resources that can be deployed in a subscription. These limits are in place to ensure equitable distribution of resources among users and to protect the Azure environment from overuse.

Understanding Resource Limits:

  • Predefined Limits: Each Azure service has predefined limits. For example, there might be a limit on the number of virtual machines or storage accounts you can create in a single subscription.
  • Viewing Limits: You can view the current limits and usage levels of your resources in the Azure portal under the subscription’s “Usage + quotas” section.

Requesting Increases:

  • Automatic Increase Requests: For certain services, you can request an increase in limits directly through the Azure portal. This process is automated for some resource types, providing a quick resolution.
  • Manual Increase Requests: For other resources, an increase request may require manual review by Azure support. This process involves submitting a support ticket with details of your request.

Strategies for Managing Limits:

  • Monitoring Usage: Regularly monitor your resource usage to ensure you’re not approaching your limits, which could impact your ability to deploy new resources.
  • Architecting for Scalability: Design your solutions with scalability in mind, considering how to distribute resources across multiple subscriptions or regions if necessary.
Azure Administrator

Azure Administrator Career Path

Become a highly skilled Microsoft Azure Administrator with our Azure administrator Career Path training series. This path include the core skills for Cloud, Network and Security with the CompTIA courses and then follows-up with our comprehensive AZ-104 Azure Administrator course. Elevate your career today.

Resource Visualizer Tool


The Azure Resource Visualizer Tool, also known as ARM Visualizer, is a graphical tool that helps users understand the structure and dependencies of the resources within an Azure resource group. It provides a visual representation, making it easier to comprehend the relationships and configurations of deployed resources.


  • Graphical Diagrams: Displays a visual diagram of resources within a resource group, including how resources are interconnected.
  • Dependency Tracking: Helps identify dependencies between resources, which is critical for understanding the deployment order and the impact of changes or deletions.
  • Interactive Interface: Users can interact with the visual diagram, exploring details of specific resources and their properties.

Using the Resource Visualizer:

  1. Access through Azure Portal: The Resource Visualizer can be accessed within the Azure Portal by navigating to a specific resource group and selecting the “Visualize” option.
  2. Integration with ARM Templates: The tool can also visualize the structure of ARM templates, helping in the planning and deployment phases by providing insights into the template’s design.


  • Improved Clarity: By visualizing complex deployments, users can gain a better understanding of their Azure environments, simplifying management and troubleshooting.
  • Enhanced Planning: The tool aids in the planning phase of deployments, allowing for a clearer view of how resources will be structured and related.

In summary, Resource Manager Locks, Managing Resource Limits, and the Resource Visualizer Tool are essential components of the Azure ecosystem, offering mechanisms for security, compliance, scalability, and operational clarity within cloud environments.

In summary, Azure Resource Manager stands out as a foundational element in Azure’s ecosystem, streamlining the deployment and management of resources. Its comprehensive approach, from authentication to the visualization of resource dependencies, underscores ARM’s significance in ensuring efficient and secure cloud operations.

Key Term Knowledge Base: Key Terms Related to Azure Resource Manager (ARM)

Understanding the key terms related to Azure Resource Manager (ARM) is crucial for effectively managing and orchestrating Azure resources. ARM provides a consistent management layer for tasks performed through Azure PowerShell, Azure CLI, Azure portal, REST API, and client SDKs. Knowledge of these terms enhances one’s ability to efficiently deploy, manage, and monitor Azure resources.

Azure Resource Manager (ARM)A service that provides a management layer for Azure resources, enabling you to create, update, and delete resources in your Azure account.
Resource GroupA container that holds related resources for an Azure solution. It allows for managing the lifecycle of all the resources within it as a group.
ARM TemplateA JSON file that defines one or more resources to deploy to a resource group or subscription. It allows for declarative, consistent deployments across environments.
Resource ProviderA service that supplies Azure resources. Each resource provider offers a set of resources and operations for working with an Azure service.
ARM APIThe REST API that provides programmatic access to ARM functionality, allowing for managing resources outside of the Azure portal.
SubscriptionA logical container used to manage access, billing, and the allocation of resources.
TenantRepresents an organization in Azure AD. It’s a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service.
DeploymentThe process of applying an ARM template to a resource group or subscription to create or update the resources defined in the template.
TagsKey-value pairs that can be applied to resources and resource groups for organizing and managing resources across your subscription.
Managed IdentityAn identity in Azure Active Directory that is automatically managed by Azure. It’s used for authenticating to services that support Azure AD authentication, without needing to manage credentials.
PolicyA set of rules that are enforced on resources, ensuring those resources comply with corporate standards and service level agreements.
Resource LocksMechanisms to prevent accidental deletion or modification of important resources.
Azure PortalThe web-based user interface for managing Azure resources. It offers an integrated console for managing all Azure services.
Azure CLICommand Line Interface for managing Azure resources. It allows users to execute commands through a terminal or command prompt.
Azure PowerShellA set of cmdlets for managing Azure resources directly from the PowerShell command line.
Logic AppA cloud service that helps to automate and orchestrate tasks, workflows, and business processes.
Azure FunctionsAn event-driven, serverless compute service that lets you run small pieces of code (functions) in Azure without managing servers.
Service PrincipalAn identity created for use with applications, hosted services, and automated tools to access Azure resources.
ARM ExpressionsFunctions that help construct values for deployments, such as concatenating strings, creating arrays, or generating resource names dynamically.
Resource SkuA SKU (Stock Keeping Unit) defines the purchasable unit of a product or service in Azure. It describes the characteristics of a product, such as capacity, performance, and tier.
ComplianceThe adherence of resources to defined policies and standards within Azure.
Azure MonitorA service that provides comprehensive monitoring of your Azure resources, allowing you to maximize performance and availability.
ScalabilityThe ability to increase or decrease resources for an application or service to meet demand.
Availability SetA logical grouping of VMs that allows Azure to understand how your application is built to provide for redundancy and availability.
Load BalancerA service that distributes network or application traffic across a number of servers, improving the scalability and reliability of applications.

This list provides a foundational understanding of key concepts and components within Azure Resource Manager (ARM), aiding in the effective management and operation of Azure resources.

Frequently Asked Questions About Azure Resource Manager

What is Azure Resource Manager (ARM)?

Azure Resource Manager is a service that provides a management layer for creating, updating, and deleting resources in your Azure account. It allows for the management of resources through a consistent and unified interface, facilitating complex deployments, resource grouping, and access control across the Azure ecosystem. ARM acts as the intermediary between various Azure services and the user, streamlining operations and ensuring secure and efficient resource management.

How do ARM Templates work?

ARM Templates are JSON files that describe the resources and configurations for your Azure deployment. They allow you to declare the properties for all the resources in your deployment in a declarative format without having to manually script the creation of each resource. ARM templates support parameterization, which enables you to input values during deployment time, making your templates reusable across different environments. The ARM engine processes these templates, ensuring that all resources are deployed in the correct order and configured as specified.

Can I move resources between resource groups or subscriptions using ARM?

Yes, Azure Resource Manager allows you to move resources between resource groups and even between subscriptions. This functionality is crucial for managing the lifecycle of your resources and for organizing your infrastructure according to changing business needs. However, not all resources can be moved, and certain conditions must be met before moving resources. It’s important to consult the Azure documentation for specific rules and limitations related to moving resources.

What are Resource Manager Locks, and how do they protect my resources?

Resource Manager Locks are mechanisms that provide an additional layer of protection against accidental or unauthorized changes or deletion of Azure resources. There are two types of locks: Read-Only and Delete. A Read-Only lock prevents users from making changes to a resource, while a Delete lock prevents the resource from being deleted. These locks can be applied at various levels, including the subscription, resource group, or resource level, and are essential for safeguarding critical infrastructure components in Azure.

How can I monitor and manage my resource limits in Azure?

Azure imposes certain limits on the number and size of resources you can deploy within a subscription, which are in place to ensure optimal service performance and availability. To monitor and manage these limits, you can use the Azure portal to view your current usage and limits under the “Subscriptions” section, selecting “Usage + quotas.” If you need to increase your limits, you can either request an automatic increase for eligible services directly through the portal or submit a support request for manual review. Regular monitoring helps prevent service disruptions and ensures your deployments can scale according to demand.

Leave a Reply

Your email address will not be published. Required fields are marked *

What's Your IT
Career Path?
All Access Lifetime IT Training

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2626 Hrs 29 Min
13,344 On-demand Videos

Original price was: $699.00.Current price is: $289.00.

Add To Cart
All Access IT Training – 1 Year

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2626 Hrs 29 Min
13,344 On-demand Videos

Original price was: $199.00.Current price is: $139.00.

Add To Cart
All Access Library – Monthly subscription

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2626 Hrs 29 Min
13,344 On-demand Videos

Original price was: $49.99.Current price is: $16.99. / month with a 10-day free trial

You Might Be Interested In These Popular IT Training Career Paths

Entry Level Information Security Specialist Career Path

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
109 Hrs 39 Min
502 On-demand Videos

Original price was: $129.00.Current price is: $51.60.

Add To Cart
Network Security Analyst Career Path

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
96 Hrs 49 Min
419 On-demand Videos

Original price was: $129.00.Current price is: $51.60.

Add To Cart
Leadership Mastery: The Executive Information Security Manager

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
95 Hrs 38 Min
346 On-demand Videos

Original price was: $129.00.Current price is: $51.60.

Add To Cart