Azure Management Groups

Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the Rest API, customers are able to build a flexible structure for unified policy and access management.

Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums are directly monitored and reviewed by the Azure Management Group engineering team.

Do you have an idea or suggestion based on your experience with Azure Management Groups?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

  1. In Management Groups - Allow to view which sub belongs to a mg

    In Management Groups
    - Adding a subscription to a management group.

    Replace dropdown with a view so you can select multiple subscriptions and also see to which MG a subscription belongs.

    Also filter by MG group there and also view all subscriptions that does not belong to a MG currently.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Change Request  ·  Flag idea as inappropriate…  ·  Admin →

  2. Restrict Account and Service Admin rights for cancelling a subscription

    I believe that my request or idea is similar to the the topic "Splitting management group rights from subscription rights".

    I understand that an user with the role of Account and/or Service Admin can cancel or transfer an Azure subscription. This action can cause a business continuity impact and I want to restrict this capability under the "Four Eyes Principle" or "Segregation of Duties". Is it possible? Currently I think that this feature is not available, thus making the entire designed RBAC model at the lower scopes potentially useless.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  New Feature Request  ·  Flag idea as inappropriate…  ·  Admin →
    unplanned  ·  AdminManagement Group Team (Product Manager, Microsoft Azure) responded

    Thanks for the feedback. Account / Service Admins are classic administration roles that are outside of the ARM RBAC Model. They have equivalent RBAC roles like “Owner”. Management Groups are ARM Resources which means they do not look or govern the classic roles.

    While we have no plans to support governing classic roles, I will keep this item open as unplanned.

    Learn more about Classic Roles: https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#classic-subscription-administrator-roles

  • Don't see your idea?

Azure Management Groups

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice