Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Do you have an idea or suggestion based on your experience with Azure reservations?

← Azure Reservations

Create the ability to give permissions to all subscription reservations to a single principle.

We would like to have the ability to give permissions to all Reservations within a single EA to a single principle. This would include Enterprise Applications, Users and Groups.

From what we can tell, when Azure created the Reservation capabilities in their platform, they introduced a new abstract layer of authorization strictly around the Reservations themselves. When reservations are created the only people allowed to view them are the Owner of the subscription that the Reservations were created within, and the user that actual purchased the reservation.

The primary limitation to this method is that there is no a way to create a group of principals and have that group automatically or programmatically be given permissions to all existing and future Reservations.

With the potential for Azure customers to have multitudes of subscriptions and multitudes of Reservations within those subscriptions, potentially purchased by multiple different users, there is not happy path to allow authorization to all of the reservation data.

A couple solutions that would make this easier to manage would be:
Creating 2 new directory roles that could be applied to any principal that cover all Reservations under a given directory:
Reservations Admin
Reservations Reader

Allow the ability to setup a Group to be applied to all future Reservations.
This would require some investigation and work to Authorize all existing Reservations, but would allow newly created ones to have a centralized method of authorization.

I'm sure there are potentially other methods that could simplify this problem and I am happy to jump on a call and provide further clarity or answer any questions.

97 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Jason Turner shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

25 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Jelmer commented  ·   ·  Flag as inappropriate

    This is also required for CSP's without delegated admin permissions. There is currently no way to add a user from the AAD of the customer as owner of an Reserveration order as you do not have list rights in the directory. A Reserverations Admin role would be useful in this case.

  • Evert-Jan commented  ·   ·  Flag as inappropriate

    Make reservations part of the concept "Management groups" and handle them as subscriptions.

  • Andrey commented  ·   ·  Flag as inappropriate

    well, is it still planned?
    it's funny when spent millions for Azure consumption and need to manage reservation manually

  • ADM_Nicholas commented  ·   ·  Flag as inappropriate

    Please, at least provide a workaround (a powershell script?) to simplify the management until the feature is released.

  • Kurt Roggen commented  ·   ·  Flag as inappropriate

    Hi product team,
    Any progress on this issue? Does not seem to be a nice-to-have, but rather must-have.

  • Shane commented  ·   ·  Flag as inappropriate

    This is simply not fit for for purpose. A modern-day enterprise where one of potentially 20 people can create a reservation and only the creator can see them by default??? I'm amazed that RIs have been around so long and this has still not been addressed.

  • Shane commented  ·   ·  Flag as inappropriate

    As has already been said, this approach is simply ridiculous. Please add the functionality that would bring this in line with modern-day infrastructure management fit for the enterprise.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Has there been any update on this? You mentioned delivery by the end of last calendar year

  • Timothy commented  ·   ·  Flag as inappropriate

    I can't believe that I have to manually go in and add my admins to each reservation individually. This is maddening.

  • Calum O commented  ·   ·  Flag as inappropriate

    Is this still in the backlog? Seems like a pretty standard feature to expect out of something like this. Are there any ETAs? I see this as a bug, more than an idea.

  • Christian Margadant commented  ·   ·  Flag as inappropriate

    @Yashesvi Sharma: Is there any news about this feature in the backlog?
    It would be a great improvement for the management of reservations.

  • Jack Fruh commented  ·   ·  Flag as inappropriate

    I second this, as a global company with 70+ subscriptions and millions in azure spend, we need central management over this.

    Lester, I was able to see instances with powershell, but could not pull information or change anything I did not have access to.

  • Yashesvi Sharma commented  ·   ·  Flag as inappropriate

    Hi Folks - thanks for raising this feature. I am the PM for Azure RIs and can be reached at yashar[@]microsoft[dot]com

    We do have this feature in the backlog and we plan to deliver this before end of the calendar year. The approach that we are thinking of is that some billing roles will be able to see all RIs purchased in the org. Please reach out if you have any other inputs or suggestions.

  • Matthew Weaver commented  ·   ·  Flag as inappropriate

    This makes reporting RI costs to a common cost optimization platform difficult to impossible. The needs to be a better way.

← Previous 1

Azure Reservations

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice