Azure Management Groups

Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the Rest API, customers are able to build a flexible structure for unified policy and access management.

Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums will be monitored and reviewed by the Azure Management Group engineering team.

Do you have an idea or suggestion based on your experience with Azure Management Groups?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Allow custom RBAC Definitions at the Management Group Level

    The customer I currently work with has several custom roles that are currently maintained in a central subscription. This has become quite burdensome as every new subscription which needs the role assigned needed to have the Role.AssignableScopes attribute appended with the custom role. We would like to centrally manage these, using management groups similar to the way we manage Policy applied over several subscriptions.

    62 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      3 comments  ·  Identity + Access  ·  Flag idea as inappropriate…  ·  Admin →
    • Activity log for Management Group

      We need to have activity log for management group to audit/track who make changes to management group. The activity log should also show the status of action perform and include details error message.

      13 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Policy Management  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow more rich symbols while using Match in Policy definition

        I am using Management groups and wanted to roll out multiple naming policy.
        I have various clients hence thought of a consistent manner to support and organize Resource groups/Resources in a consistent way. i.e <Cleint>-<Prod/Dev>-RGP-<Name>.
        So it would sort out like
        CL1-PROD-RGP-MyFirstRG
        CL1-PROD-RGP-AnotherOne
        CL2-DEV-RGP-NNNN
        CL3-PROD-RGP-aaa

        but unfortunately found that match could not support a symbol which would represent letter or number in same symbol. Details can be seen in the closed feedback thread on the following page.

        https://docs.microsoft.com/en-us/azure/azure-policy/scripts/allow-multiple-name-patterns

        It would really help enforce a consistent naming convention.
        Not sure how fast help can arrive from MS?

        5 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Policy Management  ·  Flag idea as inappropriate…  ·  Admin →
        • Add subscription request resource group

          When adding a new subscription to a directory that has resource groups enabled the new subscription wizard should ask if you want to add the subscription to an existing resource group or create a new one.

          Would even be nice if as an admin you can toggle an option in teh directory to require subscriptions be added to a management group.

          This just simplifys the management as currently we have to tell everyone to "remember" to do this and stuck cleaning up a mess when it is not done.

          5 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Resource Management  ·  Flag idea as inappropriate…  ·  Admin →

            Thanks Brett for the feedback. We are looking into building features that do both of those items. 1) Have the management group selection at subscription creation, 2) Custom rules that allow admins to control where subscriptions default when they are created.

          • Parameters Concatenation

            I have a naming policy for resource type and i am naming it at a category level. I.e
            If Resource is of type CDN or Network then name should be CLIENT1-DEV-INT-<nameofresource>
            else If the Resource is of type AppFunction, AppService then name should be CLIENT1-DEV-WEB-<nameofresource>
            etc.

            So this Policy will be massive and having multiple clients I need to introduce a parameter to cover for first bit to be same i.e instead of hard coding CLIENT1-DEV I use parameter and make policy general and use CONCATENATION in the LIKE portion of policy like below.

            {
            "policyRule": {
            "if": {
            "not":…

            2 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  Policy Management  ·  Flag idea as inappropriate…  ·  Admin →
            • Don't see your idea?

            Feedback and Knowledge Base