Azure Management Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions. Management groups allow you to order your Azure subscriptions hierarchically into collections. All subscriptions within a management group automatically inherit the conditions (polices and access) applied to the management group. 

The following diagram shows an example of creating a hierarchy for governance using management groups.

You might create a hierarchy so you can apply a policy to subscriptions in the hierarchy.

Another scenario where you would use management groups is to provide user access to multiple subscriptions. You can create one role-based access control (RBAC) assignment on the management group that will allow that access to all the subscriptions. 

After you create your first management group, a root management group is created in the Azure Active Directory (Azure AD) organization. By default, the root management group's display name is Tenant root group. The ID is the Azure AD ID. After this group is created, all existing subscriptions in the Azure AD organization are made children of the root management group.

Important facts about management groups

• There's only one management group hierarchy within an organization (Azure AD).
• Any Azure AD user in the organization can create a management group. The creator is given an Owner role assignment.
• A single Azure AD organization can support 10,000 management groups.
• A management group tree can support up to six levels of depth not including the Root level or subscription level.
• Each management group can have many children.
• When your organization creates subscriptions, they are automatically added to the root management group.

https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/4-management-groups