Azure Resource Manager
By Microsoft
Azure Resource Manager (ARM) is the deployment and management layer of Microsoft Azure that lets users create, update, and delete resources through consistent JSON templates, role-based access control, and resource groups.
Definition
Azure Resource Manager (ARM) is the deployment and management layer of Microsoft Azure that lets users create, update, and delete resources through consistent JSON templates, role-based access control, and resource groups.
Overview
Every request made against Azure — whether from the portal, the CLI, PowerShell, or an SDK — passes through Azure Resource Manager. ARM is the control plane that authenticates the request, applies Azure Active Directory permissions and policies, and routes it to the right resource provider, giving Azure a single consistent management API regardless of which tool triggered the action. ARM templates are declarative JSON documents (or the newer Bicep language, which compiles to ARM JSON) that describe a set of resources and their configuration. Resources are organized into resource groups, which act as a logical container for lifecycle management: deleting a resource group deletes everything inside it, which is useful for tearing down entire test environments in one step. ARM also evaluates dependencies between resources automatically, so a virtual network is created before the subnet that needs it, without the author having to sequence operations by hand. Beyond provisioning, ARM enforces governance through Azure Policy and role-based access control (RBAC), letting organizations restrict which resource types or regions a team can use and who can modify them. It plays the same role in Azure that AWS CloudFormation plays in AWS and Google Cloud Deployment Manager plays in GCP — teams working across multiple clouds often use Terraform instead so they can manage all three with one tool.
Key Features
- Single control plane and consistent API used by the portal, CLI, PowerShell, and SDKs
- Declarative ARM JSON templates, or Bicep for a more concise authoring syntax
- Resource groups provide a logical container for lifecycle and permission management
- Automatic dependency resolution between resources in a deployment
- Built-in role-based access control (RBAC) and Azure Policy enforcement
- Tagging support for cost allocation, ownership, and organization at scale
- Incremental and complete deployment modes for controlling how updates are applied