Adding the same SPN to hundreds of cloud subscriptions

Aquilino 1 Reputation point

I'd like to use the same SPN which has elevated rights on hundreds of independent Azure subscriptions.
Is it possible to take the same SPN and just automatically have it added to every account and any new account that gets created?

Microsoft Defender for Cloud

1 answer

  1. Siva-kumar-selvaraj 15,576 Reputation points

    Hello @Aquilino ,

    Thanks for reaching out.

    A feasible way in this scenario would be to have all Azure cloud subscriptions added to a single Management Group, so that you get to manage all existing as well as new subscriptions that are linked to the specific management group.

    Leveraging a Management Group provides centralized management for resources across subscriptions, and there are other benefits of using a Management Group; to learn more, refer.

    Here is the hierarchy of RBAC role access, so you can assign a role to a specific user, group or service principal at the Management group level, the subscription level or the resource level, as shown below:



    Add subscription to Management group


    Assign role at Management group level


    Example: Let's say you have 100+ existing subscriptions that are added to a single management group and the Owner role is assigned to a specific service principal at the Management group level; when you go to each subscription, you would see the RBAC role inherited from the management group, as shown below:


    Hope this helps.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
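
The inheritance described in the answer above, modeled offline as an added Python example (not part of the original answer and not Microsoft's code). The management group names, subscription IDs and principal IDs are constructed; the example also walks nested management groups, which goes beyond the single-group case in the answer, and can be used to review how far one service principal's role reaches.

```python
MG = "/providers/Microsoft.Management/managementGroups/"
SUB = "/subscriptions/"

# Constructed hierarchy: child scope -> parent management group scope.
PARENT = {
    SUB + "sub-001": MG + "mg-prod",
    SUB + "sub-002": MG + "mg-prod",
    SUB + "sub-900": MG + "mg-sandbox",
    MG + "mg-prod": MG + "mg-root",
    MG + "mg-sandbox": MG + "mg-root",
}

# Constructed role assignments (one record per principal, role and scope).
ASSIGNMENTS = [
    {"principalId": "spn-automation", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": MG + "mg-prod"},
    {"principalId": "user-alice", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB + "sub-900"},
]

def ancestors(scope, parent=PARENT):
    """Yield the scope itself, then each management group above it."""
    seen = set()
    while scope is not None and scope not in seen:  # guard against cycles
        seen.add(scope)
        yield scope
        scope = parent.get(scope)

def effective_assignments(subscription_id, assignments, parent=PARENT):
    """Assignments that apply to a subscription, flagged direct or inherited."""
    sub_scope = SUB + subscription_id
    chain = list(ancestors(sub_scope, parent))
    return [{**a, "inherited": a["scope"].rstrip("/") != sub_scope}
            for a in assignments if a["scope"].rstrip("/") in chain]

def reach(principal_id, role, assignments, parent=PARENT):
    """Subscriptions where the principal holds the role, directly or inherited."""
    subs = sorted(s[len(SUB):] for s in parent if s.startswith(SUB))
    return [s for s in subs if any(
        a["principalId"] == principal_id and a["roleDefinitionName"] == role
        for a in effective_assignments(s, assignments, parent))]

if __name__ == "__main__":
    print(reach("spn-automation", "Owner", ASSIGNMENTS))
    # A subscription added to mg-prod later inherits the assignment as well.
    grown = {**PARENT, SUB + "sub-new": MG + "mg-prod"}
    print(reach("spn-automation", "Owner", ASSIGNMENTS, grown))
```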