The goal of this post is to serve as a quick guide to gaining access to all Azure subscriptions.
The Context
By default, when someone creates a subscription or object in Azure, only that user has access to it. A little over a year ago I reached out to Azure support asking if there is a way for an admin to see everything that any user creates. Their response was “no” and that if the user containing the subscription is deleted, then the subscription is as well.
Cool cool cool cool cool. So I asked our developers to please add me as an admin on any subscriptions that they create. As you’d expect, this didn’t work. They’ve created several subscriptions and either forgot or didn’t take the time to add me to them.
This lead to today, where I was asked about our Microsoft billing. I asked the developers if they had subscriptions that I didn’t have access to and if they could grant me access to them. “I’ll check today and get you added to things”. I didn’t want to have to wait to nag them again later, so I figured I’d do another search to see if things had changed.
The solution
Sure enough, they have changed! It looks like Microsoft posted a KB article on how to deal with this on 2019-12-03: “Elevate access to manage all Azure subscriptions and management Groups“.
This requires you to be a Global Admin and can only be enabled on the signed-in admin. If there are any other global admins that need access, they will have to walk through these steps themselves.
The steps:
- Log into the Azure portal
- Search for Azure Active Directory and click into it
- Under Manage click Properties
- At the bottom, enable Access management for Azure resources
- Click Save
- Log out and back in
- In the Azure portal, search for Subscriptions and click into it
- Click Switch directories
- Change the Default Subscription filter to All subscriptions
“That’s it”. You should now be able to see, access, and manage all Azure subscriptions.