Skip to content

Use role-based access control#

Security · Subscription · Rule · 2020_06 · Important

Delegate access to manage Azure resources using role-based access control (RBAC).


Use of Co-administrator is intended to support management of resources deployed using the Classic deployment model. Resources deployed in the Resource Manager model do not require delegation of Co-administrators.

Azure RBAC provides greater flexibility and control providing over 100 built-in roles. Additionally RBAC works with advanced advanced security features like Privileged Identity Management (PIM).


Consider delegating access to manage Azure resources using RBAC instead of classic Co-administrator roles. Limit delegation of Co-administrator roles only to subscription that contain resources deployed in the Classic deployment model.