Use role-based access control

Security · Subscription · Rule · 2020_06 · Important

Delegate access to manage Azure resources using role-based access control (RBAC).

Description

Use of Co-administrator is intended to support management of resources deployed using the Classic deployment model. Resources deployed in the Resource Manager model do not require delegation of Co-administrators.

Azure RBAC provides greater flexibility and control providing over 100 built-in roles. Additionally RBAC works with advanced advanced security features like Privileged Identity Management (PIM).

Recommendation

Consider delegating access to manage Azure resources using RBAC instead of classic Co-administrator roles. Limit delegation of Co-administrator roles only to subscription that contain resources deployed in the Classic deployment model.

Links

• Azure classic subscription administrators
• Classic subscription administrator roles, Azure RBAC roles, and Azure AD administrator roles
• What is Azure AD Privileged Identity Management?

Comments