Azure Management Groups

Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the Rest API, customers are able to build a flexible structure for unified policy and access management.

Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums will be monitored and reviewed by the Azure Management Group engineering team.

Do you have an idea or suggestion based on your experience with Azure Management Groups?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Allow custom RBAC Definitions at the Management Group Level

    The customer I currently work with has several custom roles that are currently maintained in a central subscription. This has become quite burdensome as every new subscription which needs the role assigned needed to have the Role.AssignableScopes attribute appended with the custom role. We would like to centrally manage these, using management groups similar to the way we manage Policy applied over several subscriptions.

    21 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  Identity + Access  ·  Flag idea as inappropriate…  ·  Admin →
    • Activity log for Management Group

      We need to have activity log for management group to audit/track who make changes to management group. The activity log should also show the status of action perform and include details error message.

      3 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Policy Management  ·  Flag idea as inappropriate…  ·  Admin →
      • Add subscription request resource group

        When adding a new subscription to a directory that has resource groups enabled the new subscription wizard should ask if you want to add the subscription to an existing resource group or create a new one.

        Would even be nice if as an admin you can toggle an option in teh directory to require subscriptions be added to a management group.

        This just simplifys the management as currently we have to tell everyone to "remember" to do this and stuck cleaning up a mess when it is not done.

        3 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Resource Management  ·  Flag idea as inappropriate…  ·  Admin →

          Thanks Brett for the feedback. We are looking into building features that do both of those items. 1) Have the management group selection at subscription creation, 2) Custom rules that allow admins to control where subscriptions default when they are created.

        • Allow more rich symbols while using Match in Policy definition

          I am using Management groups and wanted to roll out multiple naming policy.
          I have various clients hence thought of a consistent manner to support and organize Resource groups/Resources in a consistent way. i.e <Cleint>-<Prod/Dev>-RGP-<Name>.
          So it would sort out like
          CL1-PROD-RGP-MyFirstRG
          CL1-PROD-RGP-AnotherOne
          CL2-DEV-RGP-NNNN
          CL3-PROD-RGP-aaa

          but unfortunately found that match could not support a symbol which would represent letter or number in same symbol. Details can be seen in the closed feedback thread on the following page.

          https://docs.microsoft.com/en-us/azure/azure-policy/scripts/allow-multiple-name-patterns

          It would really help enforce a consistent naming convention.
          Not sure how fast help can arrive from MS?

          2 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Policy Management  ·  Flag idea as inappropriate…  ·  Admin →
          • They are great; but can't use them in anger because access is not listed properly on portal

            Until the inherited management group access is represented properly on the portal, management groups can't really be used in anger. When will this be fixed?

            2 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Bugs  ·  Flag idea as inappropriate…  ·  Admin →
            • Azure Policy force lowercase naming convention

              I've been looking through the Azure documentation, and cannot see a method to create a naming policy to force a lowercase naming convention.

              This would be very helpful to ensure consistency and adherence to standards.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Policy Management  ·  Flag idea as inappropriate…  ·  Admin →
              • 13001834

                Passwords rest

                0 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Search + Navigation  ·  Flag idea as inappropriate…  ·  Admin →
                • Don't see your idea?

                Feedback and Knowledge Base