Microsoft Azure Ends Classic Administrator Roles
Azure Master Class
Apr 8, 2024 10:15 AM

Microsoft Azure Ends Classic Administrator Roles

by HubSite 365 about John Savill's [MVP]

Principal Cloud Solutions Architect

Azure DataCenterAzure Master ClassLearning Selection

Prepare for Azure Classic Admin Roles Retirement! Steps to Migrate & Preserve Access before Aug 31, 2024.

Key insights

  • Azure classic administrator roles, including Service Administrator and Co-Administrator, are being retired on August 31, 2024.
  • Microsoft advises migrating resources from the classic deployment model to the Resource Manager model to better manage access using Azure RBAC (Role-based Access Control).
  • The Owner role at subscription scope is the recommended equivalent for both Co-Administrators and Service Administrators, offering similar levels of access.
  • For those with a strong dependency on the classic roles, contacting ACARDeprecation@microsoft.com is advised to address specific scenarios.
  • The video highlights the benefits of transitioning to the Azure Resource Manager (ARM) model for enhanced management and security capabilities.

Understanding Azure Classic Administrator Roles

The move away from Azure's classic administrator roles reflects Microsoft's ongoing effort to streamline cloud resource management and enhance security. The classic roles include Account Administrator, Service Administrator, and Co-Administrator, each providing vast control over Azure services and resources under the older deployment model. However, as Microsoft Azure has evolved, so has its approach to resource management and access control.

The introduction of the Azure Resource Manager (ARM) model marked a significant step forward, offering more sophisticated tools like Azure RBAC (Role-Based Access Control) to manage permissions with much greater granularity. The ARM model emphasizes improved access controls, better resource grouping, and the ability to tag resources for easier management and billing categorization. The move towards ARM and away from the classic deployment model signifies Microsoft's commitment to offering more secure, manageable, and flexible cloud services.

The withdrawal of the classic administrator roles by August 2024 highlights the importance for organizations to adapt to the modern cloud management approach. Transitioning to the ARM model and utilizing roles like Owner, Contributor, and Reader will not only align organizations with current best practices but also enhance their ability to manage cloud resources effectively and securely. Therefore, the emphasis on preparing for this transition is crucial for all Azure users still relying on the classic deployment model.

Azure Master Class focuses on the transition from using classic administrator roles to adopting more modern management structures within Microsoft Azure. Microsoft is advising users to utilize Azure role-based access control (RBAC) due to the upcoming retirement of the classic deployment model. This involves moving away from using Service Administrator and Co-Administrator roles for managing Azure resources.

To facilitate this transition, Microsoft stresses the importance of migrating resources from the classic deployment to the Resource Manager deployment. This shift comes as Microsoft plans to phase out access for Co-Administrators and Service Administrator roles starting August 31, 2024. It directs users to consider assigning the Owner role at a subscription scope, which allows for equivalent access levels, albeit with more responsibility and broader access to Azure resources.

For those who heavily rely on the classic Co-Administrators or Service Administrator roles, Microsoft provides guidance on reaching out for support during this transition. By emailing ACARDeprecation@microsoft.com, users can seek help and advice on adapting to the changes. The video also explains the distinction between the Azure Classic Deployment model and the newer Azure Resource Manager (ARM) model, highlighting ARM's advanced capabilities in management, security, and resource organization.

  • The Account Administrator role is the highest administration level within the classic deployment model, managing billing and subscription access.
  • The Service Administrator has authority over service management within subscriptions but not over billing or subscription creation.
  • Co-Administrators share many of the same permissions as Service Administrators, excluding certain administrative rights.

Microsoft's direction towards using ARM for new resources comes from its superior features in access control, resource grouping, and tagging. The Azure Master Class encourages users to transition to ARM, ensuring they are making the most out of Azure's evolving platform and its enhanced capabilities. Through this change, Microsoft aims to streamline Azure's management experience, promoting a more secure and efficient environment for managing cloud resources.

Understanding Azure's Transition from Classic to Modern Management

The Azure Master Class brings to light the essential transition from Azure's classic administrative roles to more contemporary and secure management practices. This change stems from Microsoft's aim to enhance the security, efficiency, and management capabilities within Azure. Microsoft advises users to convert their resources to the newer Azure Resource Manager model, as it provides improved access control, resource organization, and tagging over the classic deployment model.

As the deadline for the cessation of classic Co-Administrators and Service Administrator roles approaches, Microsoft is dedicated to supporting its users. It provides resources and guidance for those with strong dependencies on the classic roles. Users are encouraged to adopt the Owner role for similar access levels, albeit with a more concentrated focus on security and efficiency.

The video also gives a succinct overview of the classic administrator roles, including Account Administrator, Service Administrator, and Co-Administrator. These roles, which were fundamental to the classic deployment model, are being phased out in favor of the more granular permissions and better resource management offered by the Azure Resource Manager model.

As Azure continues to evolve, Microsoft's focus on promoting the use of Azure Resource Manager reflects its commitment to providing a more sophisticated, secure, and efficient platform. This transition not only modernizes Azure's administrative roles but also aligns with Microsoft's broader vision for cloud services. The Azure Master Class serves as a vital resource for understanding these changes and preparing for a more advanced Azure environment.

Azure Master Class

 -

People also ask

Questions and Answers about Focus/Azure Weekly Update

"What is classic administrator in Azure?"

Classic subscription administrators possess comprehensive control over the Azure subscription. This includes the capability to administer resources via the Azure portal, Azure Resource Manager APIs, as well as classic deployment model APIs.

"How do I disable admin account in Azure?"

To disable an admin account in Azure, you need to log into the Azure portal as a Global Administrator. Navigate to Azure Active Directory > Devices > Device settings. Here, you'll find the option 'Manage Additional local administrators on all Azure AD joined devices'. From there, select the user you wish to remove and opt for 'Remove Assignments'.

"How do I change the administrator on my Azure account?"

To modify the administrator on your Azure account, the process involves assigning a new subscription administrator.

"Can an Azure subscription have multiple administrators?"

Although it is possible to designate service administrators and co-administrators within the Azure Portal, it is important to note that there can be only one account administrator at any given time.

Keywords

Azure Classic Administrator Removal, Azure Classic Roles, Azure IAM, Azure RBAC, Azure Administration, Azure Access Management, Azure Security, Azure Migration