I need to assign a policy to the tenant root management group from a new user account.

2024-05-01T18:56:11.2833333+00:00

What is the role needed for the user? How to do it?

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

Accepted answer
  1. Navya 4,770 Reputation points Microsoft Vendor
    2024-05-03T12:52:37.0066667+00:00

    Hi @Linares Carramolino, Maria Concepción

    Thank you for posting this in Microsoft Q&A.

    I understand you want to assign a policy to the tenant root management group from a new user account.

    At least one of the roles - Owner, Resource Policy Contributor, or User Access Administrator must be assigned to the user account in order to assign policies to the tenant root management group.

    For your reference: https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#management-group-access

    To assign a policy to the tenant root management group, follow the steps mentioned in this document: https://learn.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage#assign-a-policy

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.
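
As an added example (not part of either answer or of Microsoft's documentation), the Python sketch below models offline why the roles named in the accepted answer can create a policy assignment at the tenant root management group while Contributor or Reader cannot. The role permission lists are abridged, and the principals, tenant ID and subscription ID are constructed placeholders.

```python
import re

# Abridged permission sets of Azure built-in roles (constructed sample; the
# authoritative lists are the role definitions returned by your own tenant).
ROLE_DEFS = {
    "Owner": {"actions": ["*"], "notActions": []},
    "Contributor": {"actions": ["*"], "notActions": [
        "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]},
    "Resource Policy Contributor": {"actions": [
        "*/read", "Microsoft.Authorization/policyassignments/*",
        "Microsoft.Authorization/policydefinitions/*",
        "Microsoft.Authorization/policysetdefinitions/*"], "notActions": []},
    "User Access Administrator": {"actions": [
        "*/read", "Microsoft.Authorization/*"], "notActions": []},
    "Reader": {"actions": ["*/read"], "notActions": []},
}
POLICY_ASSIGN = "Microsoft.Authorization/policyAssignments/write"
# Placeholder IDs: the tenant root management group's ID defaults to the tenant ID.
ROOT_MG = "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000"
SUB = "/subscriptions/11111111-1111-1111-1111-111111111111"

def _matches(pattern, action):
    """Azure action patterns: '*' is a wildcard and comparison ignores case."""
    rx = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def role_allows(role, action):
    d = ROLE_DEFS[role]
    return (any(_matches(p, action) for p in d["actions"])
            and not any(_matches(p, action) for p in d["notActions"]))

def scope_covers(assigned, target):
    # Only "/" sits above the tenant root group, so a path-prefix test is enough here.
    a, t = assigned.rstrip("/").lower(), target.lower()
    return t == a or t.startswith(a + "/")

def roles_granting(assignments, principal, target=ROOT_MG, action=POLICY_ASSIGN):
    return sorted({r for p, r, s in assignments
                   if p == principal and scope_covers(s, target) and role_allows(r, action)})

# Constructed role assignments: (principal, role, scope)
ASSIGNMENTS = [
    ("alice", "Contributor", ROOT_MG),               # denied by notActions
    ("bob", "Resource Policy Contributor", SUB),     # right role, scope too narrow
    ("carol", "Resource Policy Contributor", ROOT_MG),
    ("dave", "Owner", "/"),                          # inherited from root scope
    ("dave", "Reader", ROOT_MG),
]
```

Of the three roles the accepted answer lists, Resource Policy Contributor carries the fewest permissions beyond policy management in this model, which is why `carol` is the narrowest assignment that still works.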


1 additional answer

  1. Azar 19,965 Reputation points
    2024-05-01T19:40:06.2266667+00:00

    Hi there Linares Carramolino, Maria Concepción

    That's a good question, and thanks for using the Q&A platform.

    So to assign a policy to the tenant root management group in Azure, you'll need the appropriate role assignment. Typically, the role required to manage policies at the tenant root management group level is the "Owner" role or a custom role with permissions to manage policies.

    Once the user account has been assigned the appropriate role (e.g., "Owner"), they will have the necessary permissions to manage policies at the tenant root management group level.

    Now, to actually assign a policy to the tenant root management group, the user with the assigned role can follow these steps:

    1. Navigate to the Azure Policy blade in the Azure portal.
    2. Select "Assignments" from the left-hand menu.
    3. Click on "Assign policy" to create a new policy assignment.
    4. Choose the scope as the tenant root management group.
    5. Select the desired policy definition and configure any parameters or conditions.
    6. Review and confirm the assignment.

    If this helps, kindly accept the answer. Thanks much.