Query on Subscription

Glenn Maxwell 13,141 Reputation points
2023-01-09T02:50:18.097+00:00

Hi All

For an Azure subscription, can I provide an Office 365 distribution list Owner access to it, i.e. from Subscription > IAM, provide Owner access?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author
  1. JamesTran-MSFT 37,221 Reputation points Microsoft Employee Moderator
    2023-01-11T00:21:34.437+00:00

    @Glenn Maxwell Thank you for following up on this!

    When it comes to assigning the Owner built-in RBAC role to an Azure Subscription, if your DL was created solely from the Exchange Admin Center, you'll have to first find out what type of Group it is - Security or Microsoft 365. For more info - Group Types.

    1. Navigate to Azure Active Directory
    2. Select Groups from the left pane
    3. Search for your Distribution list



    Once you find out your Exchange Online DL's type, if your DL's Azure AD Group is of type Microsoft 365 or Distribution, you won't be able to assign an RBAC role to these group(s). However, you can resolve this by either creating an Azure AD Security Group from the same page and assigning your DL members to this group, or you can assign your DL members the Owner RBAC role individually.

    Creating an Azure AD Security Group: If you intend on creating a new Azure AD Security group and assigning all your DL members to this group.

    1. Within Azure Active Directory
    2. Select Groups from the left pane
    3. Select New Group
    4. Select Group Type - Security
    5. Fill in the required fields and add your Exchange online DL users to the group
    6. Create your Azure AD Security group.

    Once you've decided if you want to create a new Azure AD Security group or individually assign RBAC roles, you can follow the below steps to assign the Owner role to your DL members.

    Assign the Owner RBAC Role:

    1. Within the Azure Portal
    2. Navigate to Subscriptions
    3. Select your Azure Subscription
    4. Click Access Control (IAM)
    5. Click the Role assignments tab to view the role assignments at this scope
    6. Click Add > Add role assignment
    7. Select the Owner role and your Azure AD Security Group or select the specific users.
    8. Once you've made the correct selections, Review + assign.

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
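
A scripted version of the group-type check and Owner assignment described in the accepted answer, as an added example that is not part of the original answer. It assumes Azure CLI (`az`) is installed and signed in; the function names are hypothetical, the mapping from Microsoft Graph properties to group type is an assumption about how the Groups page derives its Type column, and mail-enabled security groups are refused as a conservative assumption because the answer does not cover them.

```shell
#!/bin/sh
# Added example. Assumes Azure CLI ("az") is installed and signed in.
# The group name and subscription ID are supplied by the caller.

# Map Microsoft Graph group properties to the type shown on the Groups page.
# $1=securityEnabled  $2=mailEnabled  $3=groupTypes joined with commas
# All three arguments are expected in lower case.
classify_group() {
  case "$3" in *unified*) echo "Microsoft 365"; return 0 ;; esac
  case "$1:$2" in
    true:false) echo "Security" ;;
    true:true)  echo "Mail-enabled security" ;;
    false:true) echo "Distribution" ;;
    *)          echo "Unknown" ;;
  esac
}

# Read one property of a group, lower-cased so "True" and "true" compare equal.
group_prop() {
  az ad group show --group "$1" --query "$2" -o tsv | tr '[:upper:]' '[:lower:]'
}

# Assign Owner on a subscription only when the group is a plain Security group.
# $1=group display name or object ID  $2=subscription ID
# Returns 0 on assignment, 1 when the group type is refused, 2 on lookup failure.
grant_owner() (
  oid=$(group_prop "$1" id)
  [ -n "$oid" ] || { echo "group not found: $1" >&2; exit 2; }
  kind=$(classify_group "$(group_prop "$1" securityEnabled)" \
                        "$(group_prop "$1" mailEnabled)" \
                        "$(group_prop "$1" "join(',', groupTypes)")")
  if [ "$kind" != "Security" ]; then
    # Per the answer above: Microsoft 365 and Distribution groups are refused.
    # Mail-enabled security is also refused here as a conservative assumption.
    echo "refusing: '$1' is type '$kind'; create a Security group instead" >&2
    exit 1
  fi
  # Owner at subscription scope includes the right to assign roles to others.
  az role assignment create \
    --assignee-object-id "$oid" --assignee-principal-type Group \
    --role Owner --scope "/subscriptions/$2"
)
```

Call it as `grant_owner "<group name>" "<subscription id>"`; a non-zero return means no role assignment was attempted.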


1 additional answer

  1. JamesTran-MSFT 37,221 Reputation points Microsoft Employee Moderator
    2023-01-09T23:04:43.29+00:00

    @Glenn Maxwell
    Thank you for your post!

    From the create and manage distribution list groups in Exchange Online documentation, the only way to assign Owner permissions to a distribution group would be through the Exchange admin center and not through Azure RBAC (IAM).

    Use the new EAC to create distribution list groups:

    1. In the new EAC, navigate to Recipients > Groups > Distribution list.
    2. Click Add a group and follow the instructions in the details pane.
    3. Under Choose a group type section, select Distribution and click Next.
    4. Under Set up the basics section, enter the details and click Next.
    5. In Assign owners section, click + Assign owners, select the group owner from the list.

    Additional Links:
    Azure built-in roles

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

