Azure Management Groups

Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the Rest API, customers are able to build a flexible structure for unified policy and access management.

Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums are directly monitored and reviewed by the Azure Management Group engineering team.

Do you have an idea or suggestion based on your experience with Azure Management Groups?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

  1. Allow custom RBAC Definitions at the Management Group Level

    The customer I currently work with has several custom roles that are currently maintained in a central subscription. This has become quite burdensome as every new subscription which needs the role assigned needed to have the Role.AssignableScopes attribute appended with the custom role. We would like to centrally manage these, using management groups similar to the way we manage Policy applied over several subscriptions.

    207 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    42 comments  ·  New Feature Request  ·  Flag idea as inappropriate…  ·  Admin →

  2. Allow for the default management group in the tenant be custom selected

    When using Azure Management Groups, any new management group or subscription that is created is made a default child of the Root management group.

    This feature would allow a admin with access to the root management group to select different default group. This group will then act as the landing area for all new management groups and subscriptions that are not created with a parent already selected.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  New Feature Request  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminManagement Group Team (Product Manager, Microsoft Azure) responded

    We are testing a feature that will allow a user with new hierarchy setting permissions on the root MG to be able to set a Default MG. This Default MG will be the parent on all Subscriptions that would currently go under the Root MG.

    Planning to be rolled out by end of March 2020

  • Don't see your idea?

Azure Management Groups

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice