Azure Management Groups

Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the Rest API, customers are able to build a flexible structure for unified policy and access management.

Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums are directly monitored and reviewed by the Azure Management Group engineering team.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Auto-Generate GUIDs for MGs

    If GUIDs for MGs could be auto-generated optional this would be a great user experience as currently having to provide your own GUID isn't the best experience.

    17 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Change Request  ·  Flag idea as inappropriate…  ·  Admin →

    Our team is looking into a way we can create a MGID field that is auto guid generated. This would mean the current Name field which is used as the unique key will not be used after that GUID is implemented. Since this is a GA service there are multiple up/down stream changes we are costing on how we can make these changes.

    No timeline as of yet

  2. Splitting management group rights from subscription rights

    I would like to give an AD group 'Owner' rights on subscriptions below a management group without giving them also the 'owner' rights on the management group itself, as they should only administer subscriptions and not management groups (which is done by another group of admins), which doesn't seem to be possible right now?

    Is this something we can use the 'Deny assignments' for in the future? (as in assigning them the 'owner' role, and denying them the 'management group contributor' role for example?

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New Feature Request  ·  Flag idea as inappropriate…  ·  Admin →

    Currently this is not possible as there are no RBAC roles that focus only on subscriptions write capabilities. We created a Management Group Contributor role so that certain users can only have write on the MG scope, but not one focused on subscriptions. This is something we can look at doing.

    We are working on Custom RBAC support for management group which will allow you to create your own role with subscription/write.

  3. Add subscription request resource group

    When adding a new subscription to a directory that has resource groups enabled the new subscription wizard should ask if you want to add the subscription to an existing resource group or create a new one.

    Would even be nice if as an admin you can toggle an option in teh directory to require subscriptions be added to a management group.

    This just simplifys the management as currently we have to tell everyone to "remember" to do this and stuck cleaning up a mess when it is not done.

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Change Request  ·  Flag idea as inappropriate…  ·  Admin →
  4. New-AzureRMSubscription missing argument to set management group scope

    If I create a new Subscription using New-AzureRMSubscription it is always created at Root Scope, seems there is missing an arguement for management group scope.

    Otherwise i need to additionally execute New-AzManagementGroupSubscription... and this command, as far as i can tell will require the user executing it too be both Contributor of the management group object and owner of the subscription object.

    The 'New Subscription' owner and 'Target Management Group' owner are different identities in my scenario.

    Added to github by alexevansigg 5/16/19

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  New Feature Request  ·  Flag idea as inappropriate…  ·  Admin →

    The Subscription Create API (version 2019-10-01-prevbiew) has been updated to include a management group ID of the parent parameter. Using this you can select the MG parent at sub create.

    Now that the API has been created, the subscriptions team will be in talks with the powershell team to get the modulus updated.

  • Don't see your idea?

Azure Management Groups

Categories

Feedback and Knowledge Base