How to block a normal user from creating a subscription in MCA?

Danny Wong 10 Reputation points Microsoft Employee
2025-03-17T15:56:25.74+00:00

Customer would like to block subscription creation for normal users (such as Azure subscription, MSDN subscription, Free trial subscription, etc.); only the admin user can create it. In EA, they can apply the policy in the EA portal --> Enrollment. How to do it for an MCA customer? Thanks

Azure Policy

1 answer

  1. Ryan Hill 30,281 Reputation points Microsoft Employee Moderator
    2025-03-17T19:14:22.8866667+00:00

    Hey @Danny Wong

    From the materials I'm coming across [1] [2], this isn't possible.

    You can try the following policy, but it has to be tested. In the meantime, feel free to reach out to me on Teams. If I come across any updates, I'll be sure to post them.

    {
      "properties": {
        "displayName": "Prevent Subscription Creation",
        "policyType": "Custom",
        "mode": "All",
        "description": "This policy prevents users from creating subscriptions directly under the tenant level.",
        "parameters": {
          "effect": {
            "type": "String",
            "metadata": {
              "displayName": "Effect",
              "description": "Enable or disable the execution of the policy"
            },
            "allowedValues": [
              "Deny",
              "Disabled"
            ],
            "defaultValue": "Deny"
          },
          "tenantId": {
            "type": "String",
            "metadata": {
              "displayName": "Tenant ID",
              "description": "ID of the tenant that the rule compares against"
            }
          }
        },
        "policyRule": {
          "if": {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Subscription/subscriptions"
              },
              {
                "field": "Microsoft.Subscription/subscriptions/tenantId",
                "equals": "[parameters('tenantId')]"
              }
            ]
          },
          "then": {
            "effect": "[parameters('effect')]"
          }
        }
      }
    }
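
Because the answer says the policy has to be tested, a local pre-check can confirm that every `[parameters('...')]` reference in `policyRule` is declared under `properties.parameters` before the definition is uploaded. The following is an added example, not part of the original answer or any Microsoft tooling; `lint_policy`, `referenced_parameters` and the sample document are names and data constructed here.

```python
import json
import re

# Matches parameters('name') inside a policy expression string.
PARAM_REF = re.compile(r"parameters\(\s*'([^']+)'\s*\)")

def referenced_parameters(node):
    """Collect every parameter name referenced anywhere under node."""
    found = set()
    if isinstance(node, dict):
        for value in node.values():
            found |= referenced_parameters(value)
    elif isinstance(node, list):
        for item in node:
            found |= referenced_parameters(item)
    # Only strings starting with a single "[" are expressions; "[[" is an escape.
    elif isinstance(node, str) and node.startswith("[") and not node.startswith("[["):
        found |= set(PARAM_REF.findall(node))
    return found

def lint_policy(definition_json):
    """Return a sorted list of problems found in a policy definition document."""
    props = json.loads(definition_json)["properties"]
    declared = props.get("parameters", {})
    used = referenced_parameters(props.get("policyRule", {}))
    problems = [f"undeclared parameter: {n}" for n in used - set(declared)]
    problems += [f"unused parameter: {n}" for n in set(declared) - used]
    for name, spec in declared.items():
        allowed = spec.get("allowedValues")
        if allowed is not None and "defaultValue" in spec and spec["defaultValue"] not in allowed:
            problems.append(f"default for {name} is not in allowedValues")
    return sorted(problems)

# Constructed sample modelled on the definition in the answer above.
SAMPLE = json.dumps({"properties": {
    "parameters": {"effect": {"type": "String",
                              "allowedValues": ["Deny", "Disabled"],
                              "defaultValue": "Deny"}},
    "policyRule": {
        "if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Subscription/subscriptions"},
            {"field": "Microsoft.Subscription/subscriptions/tenantId",
             "equals": "[parameters('tenantId')]"}]},
        "then": {"effect": "[parameters('effect')]"}}}})

if __name__ == "__main__":
    for problem in lint_policy(SAMPLE):
        print(problem)
```

The check covers parameter wiring only; whether the field alias resolves and whether the rule is evaluated at subscription creation still has to be verified in a test tenant.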
    
