Azure Management Groups
Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the REST API, customers are able to build a flexible structure for unified policy and access management.
Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums is directly monitored and reviewed by the Azure Management Group engineering team.
-
Allow custom RBAC Definitions at the Management Group Level
The customer I currently work with has several custom roles that are currently maintained in a central subscription. This has become quite burdensome as every new subscription which needs the role assigned needed to have the Role.AssignableScopes attribute appended with the custom role. We would like to centrally manage these, using management groups similar to the way we manage Policy applied over several subscriptions.
224 votes
Custom RBAC is supporting the management groups scope with a few limitations. The MG team and Identity teams are working on removing these limitations but no timeline is available yet.
To keep updated please see https://docs.microsoft.com/en-us/azure/governance/management-groups/overview#custom-rbac-role-definition-and-assignment
-
Setting alerts and/or send logs to Log Analytics
Right now, there's no way to set Alerts or Alert Rules that trigger when a specific event occurs; or even how to send those logs to a Log Analytics workspace. As such, in Log Analytics workspace, the scope cannot be changed to specify management groups.
8 votes
We are working with the Log Analytics team to enable exporting of all activity to a workspace. There you will be able to set alerts on events. Planned to have this available by end of year.