Exercise - Get access to an Azure subscription

  • 5 minutes

Your organization needs to grant administrator access for a subscription to a new administrator. The previous administrator left the company without assigning administrator access to another employee. No one else has access to this subscription.

In this unit, you'll temporarily elevate your own permissions to get access to this subscription. You'll look at how to assign subscription ownership to the new administrator. You'll then revoke your elevated access.

This exercise is optional. To complete it, you need access to an Azure subscription where you have the Global Administrator role for your account. If you don't have an Azure subscription, create a free account before you begin.

Elevate your access

  1. Sign in to the Azure portal as Microsoft Entra Global Administrator.

  2. Select Microsoft Entra ID, then select the Properties tab.

    Screenshot of the Microsoft Entra Properties pane.

  3. Under Access management for Azure resources, select Yes.

    Screenshot of the "Access management for Azure resources" option

  4. Select Save.

  5. Sign out of the Azure portal and sign in again to refresh your access.

Verify that you have the User Access Administrator role

  1. At the top of the Azure portal, search for Subscriptions.

  2. Select the relevant subscription. Now that you have elevated access at the root scope, you should see all subscriptions in your directory.

  3. Select Access control (IAM) > Role assignments.

  4. Under User Access Administrator, ensure that you have the Root (inherited) scope.

    Screenshot displaying the User Access Administrator role assigned.

Assign a user as an administrator of a subscription

Because you're using your own subscription, you might want to walk through the following procedure without saving the Owner role assignment in step 5.

  1. At the top of the Access control (IAM) pane, select Add.

  2. Select Add role assignment.

  3. On the Role tab, select the Owner role.

  4. At the bottom of the page, select Next.

  5. On the Members tab, select + Select members.

    Screenshot of the Member tab on the Add role assignment page.

  6. On the Select members page, enter the username or email address of the user to whom you want to grant access and select Select.

  7. Select Next.

  8. Select Review + Assign.

  9. If you want to complete the Owner role assignment, select Review + Assign. Otherwise, close the page.

Revoke your elevated access

  1. In the Azure portal, select Microsoft Entra ID > Properties.
  2. Under Access management for Azure resources, select No.
  3. Select Save.
  4. Sign out of the Azure portal and sign in again to refresh your access.