Forum Discussion

khaled1405's avatar
khaled1405
Icon for Microsoft rankMicrosoft
Apr 09, 2020

default a subscription to a management group

How could you enforce a new subscription to be assigned to an existing management group, other than the root management group? Could you use an Azure policy at the root group management to do it?  

  • kwiecek's avatar
    kwiecek
    Copper Contributor

    khaled1405, I wish to have that implemented by the policy. For now, the way to do that is to react to the subscription creation event or periodically move a subscription to one of MGs with a script ( Azure Functions/ Azure Automations/ any other compute. )

     

    I can add writing about that to my backlog if you're interested in that.

    • khaled1405's avatar
      khaled1405
      Icon for Microsoft rankMicrosoft
      Thanks kwiecek. I think the best approach until we get the native feature is to have an external workflow to request a subscription. That workflow will assign the subscription to the right management group and assign a custom RBAC on the subscription to the users. A blueprint could potentially make it more elegant.
  • khaled1405 , this is isn't something you can't change currently, but I read somewhere this is in the product roadmap for soon, i.e., being able to specify the default Management Group for new subscriptions. I don't know the ETA, though.

Resources