Share via

Azure AD role assignment groups for subscription roles?

Joe H 96 Reputation points
2022-04-11T14:46:58.883+00:00

Is it possible to use Azure AD role assignment groups for Azure subscription roles instead of Azure AD roles? (https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept)
The desired result is that I can assign groups to roles in the Azure subscription, and membership of those groups can only be modified by Global Admins or Privledge Admins.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,826 questions
0 comments
Accepted answer
  1. Alan Kinane 16,796 Reputation points MVP
    2022-04-11T15:58:00.83+00:00

    No, this is not possible. Azure uses RBAC role assignments rather than Azure AD roles - https://learn.microsoft.com/en-us/azure/role-based-access-control/overview

    https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#differences-between-azure-roles-and-azure-ad-roles

    191972-image.png

    You can still assign users to Azure AD security groups and assign RBAC roles to these security groups however.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest