![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 87%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
922 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 22%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Hello @Paul Smith
Essentially you are being notified that one or more user accounts for one or more Azure Subscriptions you manage has an administrator and/or co-administrator assignment.
Classic resources and classic administrators will be retired on August 31, 2024. Starting April 30, 2025, you won't be able to add new Co-Administrators. This date was recently extended. Remove unnecessary Co-Administrators and use Azure RBAC for fine-grained access control.
Microsoft recommends that you manage access to Azure resources using Azure role-based access control (Azure RBAC). However, if you're still using the classic deployment model, you'll need to use a classic subscription administrator role: Service Administrator and Co-Administrator. For information about how to migrate your resources from classic deployment to Resource Manager deployment, see Azure Resource Manager vs. classic deployment.
To transition to RBAC, you will need to create custom roles that define the specific permissions needed for your users to perform their tasks. You can then assign these roles to your users or groups. If you don’t have the right access or if you're unsure about your role, reaching out to your Azure Subscription Owner or Administrator might be necessary to get the necessary permissions or assistance with the transition to RBAC.
To get started, you can follow the steps outlined in this document.
Classic RBAC was the older model before Azure RBAC was introduced. To check if your subscription is still using Classic RBAC, follow these steps: If you're using Classic RBAC, there might be a section indicating the use of Classic Access Control. You'll see a tab labeled "Classic" or references to it if Classic RBAC is enabled.
Similar Q&A article: Transition-to-role-based-access-control-(rbac)-in - Article 1
Transition-to-role-based-access-control-(rbac)-in - Article 2
Transition-to-role-based-access-control-(rbac)-in -Article 3
If you don't take any action, your classic administrator roles will continue to work until 30 April 2025. After that date, any users or groups assigned to classic administrator roles will lose access to those roles, and you will need to transition to RBAC to manage access to your resources.
If you don't have any "Classic Administrators" in Your subscriptions, but You have still received this email then please do check this Q&A article: https://learn.microsoft.com/en-us/answers/questions/1616658/transition-to-role-based-access-control-(rbac)-in https://learn.microsoft.com/en-us/answers/questions/2236415/classic-administrators-x-rbac
I hope this clarifies things.
Please remember to "Accept Answer", so that others in the community facing similar issues can easily find the answers.