Custom Roles at the Management Group Level
Please add the ability to define custom roles for Azure RBAC at the new Management Group level. Would like to be able to create custom roles and set the assignable scope to our root management group so that the role definition is available throughout our tenant.
https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-custom-roles

Just wanted to leave a quick update, we’re continuing to work on this feature and will share details in the near future.
Cheers,
/Stuart and Balaji
16 comments
-
Arulraj commented
Any update?
-
Janke, Joel commented
It appears you can create custom roles with an assignable scope at the management group level; however, the management group IAM GUI does not display these scopes. They do inherit down to all sub-level items (Subscriptions, Resource Groups, and Resources) and show properly in the GUI at those levels.
-
Janke, Joel commented
Is it not time to get an update on this feature request?
-
Steven Scott commented
Any update here? I am automating our subscription creation process and need to have this capability.
-
Lester W commented
This feature is available NOW (programmatically). In PowerShell, you add a management group as an assignable scope. For example: $Role.AssignableScopes.Add("/providers/Microsoft.Management/managementGroups/<management group ID>")
Duplicate Feedback of https://feedback.azure.com/forums/911473-azure-management-groups/suggestions/34391878-allow-custom-rbac-definitions-at-the-management-gr?
-
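The approach from Lester W's comment above, carried through from role object to verification. This is an added example, not code from the thread or from Microsoft; it assumes the Az.Resources module and a signed-in session (Connect-AzAccount), and the role name, description and action list are constructed for illustration.

```powershell
# Added example. Assumes the Az.Resources module and an authenticated session
# (Connect-AzAccount). Role name, description and action list are constructed.
$mgId    = '<management group ID>'   # placeholder, as in the comment above
$mgScope = "/providers/Microsoft.Management/managementGroups/$mgId"

# Clone a built-in role to get a correctly shaped definition object,
# then strip it down to the permissions the custom role should carry.
$role = Get-AzRoleDefinition -Name 'Reader'
$role.Id          = $null
$role.IsCustom    = $true
$role.Name        = 'Example VM Operator'
$role.Description = 'Read, start and restart virtual machines.'
$role.Actions.Clear()
$role.NotActions.Clear()
@(
    'Microsoft.Compute/virtualMachines/read',
    'Microsoft.Compute/virtualMachines/start/action',
    'Microsoft.Compute/virtualMachines/restart/action'
) | ForEach-Object { $role.Actions.Add($_) }

# Replace the inherited assignable scopes with the management group scope.
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($mgScope)

# Guard: a role assignable across a whole management group should not
# carry a bare wildcard action.
if ($role.Actions -contains '*') {
    throw "Refusing to create '$($role.Name)' with a wildcard action."
}

New-AzRoleDefinition -Role $role | Out-Null

# Confirm from the command line that the definition exists at that scope.
Get-AzRoleDefinition -Custom -Scope $mgScope |
    Where-Object { $_.Name -eq $role.Name } |
    Select-Object Name, Id, AssignableScopes
```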
Talal Masood commented
When will this be available, please?
-
Bart Michel commented
Is there any update yet? We can't use only built-in roles, so please get this working :-)
-
Simon commented
Agreed, otherwise management groups are more or less useless if you rely a lot on Custom roles
-
Charity Shelbourne commented
Is this still planned? We're interested in doing this as well.
-
Mitch B. commented
Any update on this?
-
JH commented
Agreed this is needed!
Duplicate of: https://feedback.azure.com/forums/911473-azure-management-groups/suggestions/34391878-allow-custom-rbac-definitions-at-the-management-gr
-
Dany Contreras commented
Hello, do you have an update on ETA for availability of custom roles on management groups?
-
Corey Zwart commented
Please provide an update Stuart and Balaji... we need to be able to use this functionality as management groups are GA and are being recommended as the best practice.
-
Adam commented
Is there an update on this? The last entry is Oct 29th and says that we would get details in the near future.
-
Anonymous commented
Any new updates? This is an essential option for our teams. Is there any indication as to when this will be available?
-
Brian Jackett commented
Any update on this? I see that Management Groups are now GA.