delegating user/permissions management for Azure resources RRS feed

  • Question

  • Hello All, 

    We have an internal IT group which is responsible for managing our corporate AD.  That AD ('\\zytex) is synched with AzureAD for authentication to our Office365 subscriptions. 

    We do have several Azure subscriptions containing dev/test and production resources that we would like to control access to.  \\zytex users are visible and can be assigned roles and permissions to our subscriptions in Azure Portal.

    We would like to delegate the ability to create permission groups for Azure and add/remove \\zytex users to those permissions groups to  a few developers instead of requiring internal IT to be involved.

    We have been looking at administrative units and self-service groups, but we are unsure of the best way to implement our requirements.

    please suggest the best practices.

    • Edited by Tekbloke Friday, July 20, 2018 5:38 PM highlighted the focused points
    Friday, July 20, 2018 5:36 PM


All replies