[edit: after posting this, i noticed this post was kicked from a few years ago by Khalid. Well then my contribution is for good sake ;)]
@Khalid_GarayevThanks for your effort, but I think your drawing can confuse others.
I see subscriptions with the same name connected to multiple directories. That is not possible. Comparing it to a company and shelves is to simplified. I won't recommend using an Azure AD for every subsidiary, unless this a requirement for seperated administrative purposes. It's more convenient to add the different custom domain for those sub-companies to the same Azure AD.
My 2 cents:
Azure Account: Your overall account to start you Azure journey. Also your billing account
Azure AD: Your directory for authentication and authorization
Azure Subscription: The container where your created resources are created. Billing is per subscription
(multiple subscription can have the same Azure AD). You can also set specific Azure policies on subscription level.
Azure Resource Groups: A logical group of resources belonging to the same application environment and lifecycle.
Within this construction you can seperate access to resource groups for departments by using clear RBAC roles.
Using multiple subscriptions can be convenient for administrative/billing use, or for example sandbox and test vs production environment. I don't recommend a subscription per department except when for example developers having their separate subscriptions. But then it's still rather based on usage than on a specific department.