Management Groups Unavailable in Tenant: Limited Account Control and Organization

Danny Heinrich
2023-06-22T05:56:14.62+00:00

An issue has emerged in the tenant's account management system, as indicated by the error message: "Management Groups are not enabled in this tenant." Without this essential feature, managing and organizing resources within the tenant becomes a challenging task.

Since yesterday I have been trying to figure out how I can access the Group Management. I'm a "Global Administrator" and have already been granted "Access management for Azure resources".

Going in Azure to Home > Management Groups > Overview: I see the infinity ring.

Going in Azure to Home > Management Groups > Settings and hitting "Permissions for creating new management groups", I got the following error:

The client 'my.name@my.domain' with object id xxxxxxx-9a74fedf03cd' does not have authorization to perform action 'Microsoft.Management/managementGroups/settings/...' over scope '/providers/Microsoft.Management/managementGrou...xxxxxxx-818ccaea25df/settings/default' or the scope is invalid. If access was recently granted, please refresh your credentials.

I hope someone can help me understand what the issue is and point me in the right direction. I found myself lost within the Azure Documentation. Everything I found was already capable of creating Management Groups.

$ az config set core.allow_broker=true
$ az account clear
$ az login
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "xxxxxxx-818ccaea25df",
    "id": "xxxxxxx-1296f2bc0393",
    "isDefault": true,
    "managedByTenants": [],
    "name": "projectA",
    "state": "Enabled",
    "tenantId": "xxxxxxx-818ccaea25df",
    "user": {
      "name": "my.name@my.domain",
      "type": "user"
    }
  },
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "xxxxxxx-818ccaea25df",
    "id": "xxxxxxx-3ba6acce9e01",
    "isDefault": false,
    "managedByTenants": [],
    "name": "projectB",
    "state": "Enabled",
    "tenantId": "xxxxxxx-818ccaea25df",
    "user": {
      "name": "my.name@my.domain",
      "type": "user"
    }
  },
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "xxxxxxx-818ccaea25df",
    "id": "xxxxxxx-5cf5476a13f8",
    "isDefault": false,
    "managedByTenants": [],
    "name": "projectC",
    "state": "Enabled",
    "tenantId": "xxxxxxx-818ccaea25df",
    "user": {
      "name": "my.name@my.domain",
      "type": "user"
    }
  }
]

$ az account management-group list --no-register
(NotFound) Management Groups are not enabled in this tenant.
Code: NotFound
Message: Management Groups are not enabled in this tenant.