Extend management groups to allow PIM scope changes down to subscriptions and resource groups
Right now, if you assign roles through PIM to a management group, you cannot drill down the scope to subscriptions or resource groups, so you have to assign them to every single subscription manually. For better policy management, you should allow scope changes at the management group level that filter down to the subscriptions in the management group.
We’ve fixed this issue. If you assign a role at the Management Group scope, the eligible user can scope their activation to a child resource.
Sean Lengyel commented
I would also really like to see this feature implemented for two main reasons:
1. Enabling this in PIM will provide added security to managing Azure Resources
2. Makes it easier to manage PIM groups across lots of MGs, RGs and Subs