BluePrint on Management Group

Mukesh Bhakar 36 Reputation points
2021-07-06T16:05:47.203+00:00

I am trying to apply one policy to lock all recovery service vaults using azure blueprint on the Tenant Root Group. I am the owner of the group but still, it says below-

You require additional permissions to manage blueprints within this management group. Contact the administrator of the management group to request Contributor rights.

My Target to stop delete lock from subscription owners.

Azure Blueprints
Azure Blueprints
An Azure service that provides templates for quick, repeatable creation of fully governed cloud subscriptions.
70 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. SadiqhAhmed-MSFT 36,961 Reputation points Microsoft Employee
    2021-07-20T16:51:32.597+00:00

    @Mukesh Bhakar - Thank you for your post and I apologize for the delayed response!

    What is the context where you are seeing this error? How are you attempting to deploy the blueprint? How are you confirming that you are an owner of the management group (MG)?

    For what its worth, blueprints can only deploy resources to a single subscription at a time. If you want to apply a policy to all subs under a particular MG, that will require a blueprint assignment per sub. We allow you to store the blueprint assignment resource at an MG, but only to prevent a subscription owner from removing the blueprint assignment (and the lock associated with it). If the blueprint only has policies, then I’d recommend assigning the policy directly to the MG.

    ---------------------------------------------------------------------------------------------------------------

    If the response helped, do "Accept Answer" and up-vote it.

    1 person found this answer helpful.