In Management Groups
- Adding a subscription to a management group.
Replace dropdown with a view so you can select multiple subscriptions and also see to which MG a subscription belongs.
Also filter by MG group there and also view all subscriptions that does not belong to a MG currently.6 votes
We are working closely with the UI design team to develop a better hierarchy selection tool. This will be a standard view that can be used across the portal. I don’t have a timeline yet that I can share.
I believe that my request or idea is similar to the the topic "Splitting management group rights from subscription rights".
I understand that an user with the role of Account and/or Service Admin can cancel or transfer an Azure subscription. This action can cause a business continuity impact and I want to restrict this capability under the "Four Eyes Principle" or "Segregation of Duties". Is it possible? Currently I think that this feature is not available, thus making the entire designed RBAC model at the lower scopes potentially useless.2 votes
Thanks for the feedback. Account / Service Admins are classic administration roles that are outside of the ARM RBAC Model. They have equivalent RBAC roles like “Owner”. Management Groups are ARM Resources which means they do not look or govern the classic roles.
While we have no plans to support governing classic roles, I will keep this item open as unplanned.
- Don't see your idea?