![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 94%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
The issue is caused by your account no longer having an Owner-level role assignment on the subscription. With only Reader access, creating or deleting resources is blocked.
Use the following approaches depending on your situation:
- Check the directory and your access
- In the Azure portal, select your account in the top-right corner and choose Switch directory. Make sure the correct Microsoft Entra directory (tenant) is selected, then go to Subscriptions and open the affected subscription.
- In the subscription, go to Access control (IAM) → View my access and confirm your current role (Reader, Owner, etc.). If it shows only Reader, you need an Owner assignment.
- If a Global Administrator in the tenant can help
A Microsoft Entra Global Administrator can temporarily elevate access and restore an Owner assignment:
- Global Admin goes to Azure portal → Microsoft Entra ID → Properties and turns on Access management for Azure resources to elevate access.
- They then go to Subscriptions → select your subscription → Access control (IAM) → Add role assignment and assign the Owner role to your user at subscription scope.
- After that, they should turn off the elevated access setting.
- If classic administrators were removed or changed
Classic Co-Administrator/Service Administrator roles are retired and should be replaced with Azure RBAC roles. If those classic roles were removed without ensuring at least one Owner assignment, access to the subscription can be lost or reduced. To fix this, a Global Administrator must:
- Follow the steps to elevate access to manage all subscriptions in a tenant.
- Assign the Owner role at subscription scope to the correct user(s).
- Remove elevated access.
- If the subscription was transferred to another directory If the subscription was moved to a different Microsoft Entra directory, all role assignments in the original directory are permanently deleted and not migrated. In the target directory, an admin must recreate role assignments, including assigning you the Owner role, and recreate any managed identities if needed.
- If no one seems to have Owner/billing control If the original billing owner left or the subscription is effectively orphaned, Azure notifies remaining Billing account owners and Subscription Owners with an email and portal banner that lets them accept billing ownership. One of those users must accept ownership and then assign you the Owner role at subscription scope.
If you cannot identify any admin who can perform these steps, create a billing/support request from the Azure portal so support can review the subscription and help identify or restore appropriate ownership.
References:
- Troubleshoot Azure RBAC
- No subscriptions found sign in error for Azure portal
- Add or change Azure subscription administrators
- Transfer Azure product billing ownership to a Microsoft Customer Agreement
- Azure classic subscription administrators
- Azure roles, Microsoft Entra roles, and classic subscription administrator roles