Share via

Transition to role-based access control (RBAC) in Azure by 31 August 2024

DA [ADMIN] 25 Reputation points
2024-08-21T09:30:02.81+00:00

We have received the following email from Microsoft:

Transition to role-based access control (RBAC) in Azure by 31 August 2024 You're receiving this notice because you use Azure classic administrator roles. On 31 August 2024, Azure classic administrator roles will be retired**. If your organization has active Co-Administrator or Service Admin roles, you'll need to transition to using Azure RBAC roles by then. (All Azure classic resources and Azure Service Manager will also be retired on that date.)** You may continue using these Azure classic admin roles until they're retired. However, starting 3 April 2024, you'll no longer be able to add new Co-Administrator roles through the Azure portal**.** Required action To avoid potential disruptions in service, transition any classic admin roles that still need access to your subscription to an Azure RBAC role by 31 August 2024, when classic admin roles will no longer be supported.

We use Azure for managing Microsoft 365 application services (SSO and Office 365) via AAD Connect. We're not making use of Azure VMs and other cloud resources like that.

The subscriptions area of Azure shows no entries. I can see the Access to Azure Active Directory subscription only via Cost Management + Billing. Its shows the following:

Status: Disabled

Subscription: Access to Azure Active Directory

Role: Account administrator

Offer: Access to Azure Active Directory

I suspect that no further action is required on our part, but I'm not 100% certain. How can I determine if changes should be made and what would need changing?

Thanks

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
979 questions
0 comments
Accepted answer
  1. Raja Pothuraju 24,135 Reputation points Microsoft External Staff Moderator
    2024-08-22T20:45:14.95+00:00

    Hello @DA [ADMIN],

    Thank you for posting your query on Microsoft Q&A.

    I understand that you received an email notification with the subject: "Action required: Transition from Azure classic administrator roles to RBAC roles." You mentioned that you use Azure primarily for managing Microsoft 365 application services (such as SSO and Office 365) via AAD Connect, and you do not use Azure VMs or other cloud resources.User's image

    I've attached a screenshot for reference to ensure we're on the same page. Since you are not using Azure VMs or any other cloud resources, there is no issue, and no further action is required regarding this notification, as you don't have any active subscriptions in your tenant.

    As you mentioned, under Cost Management + Billing >> Management Groups, you can see a subscription named "Access to Azure Active Directory" with a status of "disabled," which was assigned to a user account with the Account Administrator role.

    Regarding the history of the "Access to Azure Active Directory" subscription: These subscriptions are a legacy type that is no longer used. You don't need to take any action on this subscription.

    These subscriptions were created in the past and were used to connect to the Azure portal.

    These subscriptions were originally created to allow access to the Azure portal. They were necessary because the older Azure Portal (the classic one at https://manage.windowsazure.com) required users to have an associated Azure subscription to access Azure Active Directory and other Azure resources.

    However, with the introduction of the current Azure Portal (available at https://portal.azure.com), this legacy subscription type became obsolete.

    In summary, no action is required for this subscription.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Thanks,

    Raja Pothuraju.

    4 people found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abiola Akinbade 29,570 Reputation points Volunteer Moderator
    2024-08-21T14:46:50.4766667+00:00

    How do I know what subscriptions have classic administrators?

    • You can use an Azure Resource Graph query to list subscriptions with Service Administrator or Co-Administrator role assignments or sign into your subscription and check like screenshot below. For steps see List classic administrators.

    Screenshot of Access control (IAM) page with Classic administrators tab selected.

    See: https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators?tabs=azure-portal

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    3 people found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.