Azure AD and Elevated Access

Today one of my colleagues contacted me around help with Authenticating his LCS project with our Azure AD. He had created his own subscription since he had no access to out top level tenant. When I went into the Azure Portal to look for the subscription I was not able to find it, which was a bit strange since I have the Global Admin Role.

Doing some research I found that there is something called Azure Elevated Access which is sort of UAC for Azure AD. This mean that even if you have Global Admin Access you will not be able to see everything you do not have specific access to. You will need to elevate your permissions in order to see everything.

This can be very useful in order or get access to subscriptions created in your Azure AD tenant that was created by someone else, maybe even someone that has left your organization.

In the Azure Portal, go to Azure AD. Select properties in the left side menu. At the bottom of the page there is a toggle switch called Azure Management for Azure Resources. While the switch is set to yes you are able to override permissions and set new ones.

Remember to set it back when you are done…

Links
Elevate access to manage all Azure subscriptions and management groups | Microsoft Docs

Leave a Reply