I'm building an Azure Management Group structure where I'm having issues with the add subscription option to a sub-management group where the option is grayed out when Owner role is assigned via and AAD Security group. So in short, does Azure Management groups support permission management via AAD Security groups?
Some details:
- I'm global admin
- The AAD Group is Owner on root management group and inherited down
- On the management group I have assigned an Azure AD (AAD) Security Group the role Owner of which my account is member of. The security group has the option "Azure AD roles can be assigned to the group" set.
I have played around and also assigned my AAD security group the role "Management Group Contributor" without success. I have also added the group on root level so its inerited. If I instead assign my account directly the Owner role on the management group then it works and I can add subscriptions.
I have checked the documentation available and cannot find anything about security groups not being supported.
(Have same question on Stack Overflow)