Share administrative privileges for your Azure subscription


Once you have signed up for an Azure subscription, you can give administrative access to additional Microsoft accounts. This is done differently depending on whether you are using the classic Azure portal or the Azure portal. If you want the new account to be able to administer the subscription in both portals, you must make sure it has been given access in each portal. This is necessary if you need someone to administer the Azure AD for the subscription or if the subscription contains classic resources.

As we discussed previously, the Azure portal uses RBAC, and the classic Azure portal does not. This means in the classic Azure portal, you can only grant full administrative (co-admin) access to an account.



Add administrative privileges in the Azure portal

We just saw how to grant administrative privileges to a resource group in the Azure portal. Granting administrative privileges on a subscription is almost the same process, except instead of selecting a resource group, you select the subscription.


Go to the hub (the selector on the far left) and select Subscriptions, then select the Subscription to which you want to add an administrator. Click Settings to go to the Settings blade, and then select Users.

From the Users blade, you can use the same process we used before. Click Add, select the Owner role this time, select the user to whom you want to grant this role, and click OK to add the user to the RBAC settings for the subscription. The user then shows up in the Users blade with the new permission.

If you want to grant access to one specific resource, you can select the resource from the All Resources blade, go to Settings > Users, and add a user and role exactly the same way.

Granting administrative privileges in the classic Azure portal

To grant administrative access to an account in the classic Azure portal, add the user’s account as a co-administrator to the subscription. This account will have all of the same privileges as the owner of the original subscription, but it does not allow the user to change the service administrator or to add and remove other co-administrators.

By using the classic Azure portal with administrative access, the user can access and maintain classic resources, such as classic storage accounts. There are also some Resource Manager resources that the account can impact, such as Web Apps. However, this user can’t see storage accounts and virtual machines created with the Resource Manager deployment model.

Note that co-administrators are automatically added to the Subscription Admin RBAC role.
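To review who ends up with subscription-wide administrative rights after either procedure, the following added example (not part of the original article) sorts an exported role-assignment list by scope and reports Owner and classic administrator entries at subscription level. The record fields (principalName, roleDefinitionName, scope), the classic role labels and the sample data are assumptions constructed for illustration.

```python
import re

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Constructed sample export. The field names and the classic role label
# "CoAdministrator" are assumptions about how the listing is shaped.
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/web-rg"},
    {"principalName": "carol@example.com", "roleDefinitionName": "CoAdministrator",
     "scope": SUB},
    {"principalName": "dave@example.com", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "erin@example.com", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/web-rg/providers/Microsoft.Web/sites/shop"},
]

SCOPE_RE = re.compile(
    r"^/subscriptions/[^/]+(?:/resourceGroups/(?P<rg>[^/]+)(?P<res>/providers/.+)?)?/?$",
    re.IGNORECASE,
)
RBAC_ADMIN = {"owner"}
CLASSIC_ADMIN = {"coadministrator", "serviceadministrator", "accountadministrator"}


def scope_level(scope):
    """Return the level a role assignment applies at."""
    m = SCOPE_RE.match(scope)
    if m is None:
        return "other"
    if m.group("res"):
        return "resource"
    return "resource group" if m.group("rg") else "subscription"


def subscription_admins(assignments):
    """List (principal, role, kind) for every subscription-wide administrator."""
    found = []
    for a in assignments:
        if scope_level(a["scope"]) != "subscription":
            continue  # Owner on one resource group or resource is narrower
        roles = {r.strip().lower() for r in a["roleDefinitionName"].split(";")}
        if roles & CLASSIC_ADMIN:
            found.append((a["principalName"], a["roleDefinitionName"], "classic"))
        elif roles & RBAC_ADMIN:
            found.append((a["principalName"], a["roleDefinitionName"], "rbac"))
    return sorted(found)


if __name__ == "__main__":
    for principal, role, kind in subscription_admins(SAMPLE):
        print(f"{principal}: {role} ({kind})")
```

Owner assignments on a single resource group or resource are deliberately left out of the report, since they do not confer control of the whole subscription.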
