Use role-based access control#
Delegate access to manage Azure resources using role-based access control (RBAC).
Use of Co-administrator is intended to support management of resources deployed using the Classic deployment model. Resources deployed in the Resource Manager model do not require delegation of Co-administrators.
Azure RBAC provides greater flexibility and control providing over 100 built-in roles. Additionally RBAC works with advanced advanced security features like Privileged Identity Management (PIM).
Consider delegating access to manage Azure resources using RBAC instead of classic Co-administrator roles. Limit delegation of Co-administrator roles only to subscription that contain resources deployed in the Classic deployment model.
- Azure classic subscription administrators
- Classic subscription administrator roles, Azure RBAC roles, and Azure AD administrator roles
- What is Azure AD Privileged Identity Management?