Azure Management Groups

Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the Rest API, customers are able to build a flexible structure for unified policy and access management.

Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums will be monitored and reviewed by the Azure Management Group engineering team.

Do you have an idea or suggestion based on your experience with Azure Management Groups?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Allow custom RBAC Definitions at the Management Group Level

    The customer I currently work with has several custom roles that are currently maintained in a central subscription. This has become quite burdensome as every new subscription which needs the role assigned needed to have the Role.AssignableScopes attribute appended with the custom role. We would like to centrally manage these, using management groups similar to the way we manage Policy applied over several subscriptions.

    82 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      5 comments  ·  Identity + Access  ·  Flag idea as inappropriate…  ·  Admin →
    • Activity log for Management Group

      We need to have activity log for management group to audit/track who make changes to management group. The activity log should also show the status of action perform and include details error message.

      21 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Policy Management  ·  Flag idea as inappropriate…  ·  Admin →

        Hi Everyone,
        I wanted to let you know this work is under way and the API’s are available today in Production. The Azure portal feature will be available in the 1st Q of 2019.

        When calling the Activity Logs API, use the scope of “/providers/Microsoft.Management/{MGID}/”

        Thanks
        -Rich

      • Add subscription request resource group

        When adding a new subscription to a directory that has resource groups enabled the new subscription wizard should ask if you want to add the subscription to an existing resource group or create a new one.

        Would even be nice if as an admin you can toggle an option in teh directory to require subscriptions be added to a management group.

        This just simplifys the management as currently we have to tell everyone to "remember" to do this and stuck cleaning up a mess when it is not done.

        5 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Resource Management  ·  Flag idea as inappropriate…  ·  Admin →

          Thanks Brett for the feedback. We are looking into building features that do both of those items. 1) Have the management group selection at subscription creation, 2) Custom rules that allow admins to control where subscriptions default when they are created.

        • Don't see your idea?

        Feedback and Knowledge Base