Skip to content

Use role-based access control#

Security · Subscription · Azure.RBAC.CoAdministrator

Delegate access to manage Azure resources using role-based access control (RBAC).

Description#

Use of Co-administrator is intended to support management of resources deployed using the Classic deployment model. Resources deployed in the Resource Manager model do not require delegation of Co-administrators.

Azure RBAC provides greater flexibility and control providing over 100 built-in roles. Additionally RBAC works with advanced advanced security features like Privileged Identity Management (PIM).

Recommendation#

Consider delegating access to manage Azure resources using RBAC instead of classic Co-administrator roles. Limit delegation of Co-administrator roles only to subscription that contain resources deployed in the Classic deployment model.


Last update: 2021-09-24