Custom Roles at the Management Group Level

Please add the ability to define custom roles for Azure RBAC at the new Management Group level. Would like to be able to create custom roles and set the assignable scope to our root management group so that the role definition is available throughout our tenant.

https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-custom-roles

59 votes

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Dan M shared this idea · March 15, 2018 · Flag idea as inappropriate… · Admin →

planned ·

AdminAzure AD Team (Product Manager, Microsoft Azure) responded · October 29, 2018

Just wanted to leave a quick update, we’re continuing to work on this feature and will share details in the near future.

Cheers,
/Stuart and Balaji

Show previous admin responses (1)

13 comments

Add a comment…

Attach a File

(thinking…)

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Steven Scott commented · August 06, 2019 06:39 · Flag as inappropriate

Any update here? I am automating our subscription creation process and need to have this capability.

Submitting...
Lester W commented · June 13, 2019 03:41 · Flag as inappropriate

This feature is available NOW (programmatically). In PowerShell, you add a management group as an assignable scope. For example: $Role.AssignableScopes.Add("/providers/Microsoft.Management/managementGroups/<management group ID>")

Duplicate Feedback of
https://feedback.azure.com/forums/911473-azure-management-groups/suggestions/34391878-allow-custom-rbac-definitions-at-the-management-gr?

Submitting...
Talal Masood commented · June 13, 2019 01:44 · Flag as inappropriate

When this will be available please?

Submitting...
Bart Michel commented · May 19, 2019 22:58 · Flag as inappropriate

Is there any update yet? we can't use only built-in roles so please get this workin :-)

Submitting...
Simon commented · May 09, 2019 05:43 · Flag as inappropriate

Agreed, otherwise management groups are more or less useless if you rely a lot on Custom roles

Submitting...
Charity Shelbourne commented · May 06, 2019 07:12 · Flag as inappropriate

Is this still planned? We're interested in doing this as well.

Submitting...
Mitch B. commented · April 03, 2019 16:10 · Flag as inappropriate

Any update on this?

Submitting...
JH commented · March 14, 2019 12:04 · Flag as inappropriate

Agreed this is needed!
Duplicate of: https://feedback.azure.com/forums/911473-azure-management-groups/suggestions/34391878-allow-custom-rbac-definitions-at-the-management-gr

Submitting...
Dany Contreras commented · March 13, 2019 08:28 · Flag as inappropriate

Hello, do you have an update on ETA for availability of custom roles on management groups?

Submitting...
Corey Zwart commented · March 12, 2019 07:19 · Flag as inappropriate

Please provide an update Stuart and Balaji... we need to be able to use this functionality as management groups are GA and are being recommended as the best practice.

Submitting...
Adam commented · January 24, 2019 12:46 · Flag as inappropriate

Is there an update on this? The last entry is Oct 29th and says that we would get details in the near future

Submitting...
Anonymous commented · October 08, 2018 07:38 · Flag as inappropriate

Any new updates, this is essential option for our teams, is there any indication as to when this will be available

Submitting...
Brian Jackett commented · August 01, 2018 06:12 · Flag as inappropriate

Any update on this? I see that Management Groups are now GA.

Submitting...