The electricity account you never think about until the bill arrives.

You don’t own NEPA or EKEDC. You didn’t build the power lines running to your street. But every morning you flip a switch, the lights come on and at the end of the month, someone sends you a bill for everything you used. That’s the deal. You consume, they measure, you pay.

An Azure Subscription works the same way. You’re not buying Microsoft’s servers or building any infrastructure. You’re opening an account that gives you access to their enormous digital power grid and every virtual machine, database, or storage space you spin up gets tracked under that account. Microsoft measures the usage and sends you one consolidated bill.

More importantly, the subscription is the boundary. Everything you build in Azure, every resource, every project, every service belongs to a subscription. It defines who owns what and who gets charged for it. You can’t do anything in Azure without one.

Why the cleaner doesn’t have keys to the MD’s office.

Think about how a typical office building handles access. The receptionist can open the front desk drawers but not the accounts department. The finance manager can access the safe but not the server room. The IT guy can enter the server room but has no reason to be near the petty cash. Nobody sat down and said “let’s make everyone’s life difficult.” They just gave people access to exactly what their job requires nothing more.

Azure Role-Based Access Control — RBAC for short is that same system applied to your cloud. You have developers, database admins, security teams, interns, each of them needs a different level of access to your Azure resources. RBAC lets you assign each person a role that defines exactly what they can see, touch, or change.

A junior developer might be able to view resources but not delete anything. A billing admin can monitor costs without ever touching your servers. A new contractor can access one specific project and nothing else. Nobody gets in anywhere they don’t belong.

The man at the gate who needs to see your face before he opens it.

You know that security man at the entrance of a big office building or estate, the one who stops you at the gate, checks your ID, maybe calls upstairs to confirm you’re expected, and only then lets you through? Some buildings have upgraded to ID cards and biometrics. But the job is the same: before you go anywhere, someone needs to confirm you are who you say you are.

Azure Entra ID — formerly called Azure Active Directory is that gate. Before anyone touches your applications, files, or systems, Entra ID checks their identity. It manages every sign-in, enforces extra verification steps like a one-time code on your phone, and makes sure only verified people get through. Whether someone is logging in from the office or a hotel room in another country, Entra ID is the first thing they encounter.

It answers one question before anything else can happen: Who are you?

The box you put everything from one project into so nothing gets lost.

Picture someone who takes their job seriously. When they’re working on a project, everything related to it goes into one place. The printed contract, the receipts, the email threads they printed out, the USB drive with the design files. One box, one label, one project. When the project closes, they don’t hunt for scattered pieces. They just pick up the box.

In Azure, a Resource Group is that box. Every cloud project typically involves multiple resources, a virtual machine running the application, a database storing the data, a storage account holding the files, a network connecting them all. Without a Resource Group, those things would be scattered across your Azure account with no clear relationship.

A Resource Group keeps them together under one label. You can monitor everything in it at a glance, apply updates or policies to the whole group in one action, and when the project is done, delete the entire group cleanly. No loose ends left behind.

A computer you can rent, resize, and return without touching the hardware.

Imagine you need a powerful computer for a project, something fast with a lot of memory. You could go buy one. But then you’ve spent money on hardware, you’re responsible for the electricity, and when the project ends, that machine is just sitting there. Alternatively, imagine a place where you can rent exactly the computer you need, use it for as long as the project lasts, and hand it back when you’re done. You pay for the days you used it and nothing more.

That’s what an Azure Virtual Machine is. It’s a computer with its own operating system, storage, and network connection that runs inside Microsoft’s data centres. It behaves exactly like a physical machine you’d have on your desk. But you never see it, never maintain it, and never worry about it overheating.

What makes it powerful is the flexibility. Need more processing power this week because traffic spiked? You scale up. Project finished? You switch it off and stop being charged. You’re always paying for what you’re actually using not for hardware collecting dust.