Azure: Cannot delete a child management group (AZ104 Lab 2)

S Ty 1 Reputation point
2021-08-26T23:01:30.383+00:00

Hello,

I am working on the AZ104 exercise Lab 2 (link) and I am literally at the FINAL STEP of the exercise (Clean Up Resources Step 11) but I could not delete the 'az104-02-mg1' management group - screenshot below shows the 'hierarchy' of the management groups - the 'az104-02-mg1' is currently UNDER the Tenant Root Group.

126830-fig-1.png

So I am using my main azure account to log on to the Azure Portal to attempt to delete that management group. So I clicked on the 'az104-02-mg1' which brings me to its details page. However, I see that the "Delete" icon is greyed out screenshot below)

126840-fig-2.png

So I tried to run the Azure CLI in the Powershell - and here is the error message when I tried to delete it using the Powershell Azure CLI - 

> PS /home/s>  az account management-group delete --name 'az104-02-mg1'      
>       
> AuthorizationFailed: The client '<account>' with object id '65a8ff19-9f21-4ad1-a93b-dc94e2ee37bc' does not have authorization to perform action 'Microsoft.Management/managementGroups/delete' over scope '/providers/Microsoft.Management/managementGroups/**az104-02-mg1**' or the scope is invalid. If access was recently granted, please refresh your credentials.

I followed the AZ104 Lab 2 (link) instructions faithfully. I couldn't get why I am getting this issue. I re-read the instructions a few times and there is no other privilege or access settings change other than the following:

126933-fig-3.png

The error says "Authorization error" - what did I miss?

Appreciate your help and inputs!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,436 questions
0 comments

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Imran Abdul Rauf 6 Reputation points
    2022-01-20T09:40:29.53+00:00

    Probably azure has incorrectly assigned your ownership to the management group you created.

    This happened one time with me

    Try these steps;

    1. Select the required MG
    2. Select Access Control (IAM) from the blade
    3. Click on "Role Assignments" tab
    4. Here you may see Unknown ownership
    5. Remove it and add yourself as Owner
    6. Now you can remove it easily.
    1 person found this answer helpful.
  2. Dave Patrick 426.1K Reputation points MVP
    2021-08-26T23:33:32.667+00:00

    Microsoft Certification Program is supported on their own forums. I'd try asking for help with course issues in dedicated forums here. (Participate\Ask A Question)
    Courses and Course Content/Course Content Issue

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments
  3. S Ty 1 Reputation point
    2021-08-26T23:42:20.01+00:00

    Thank you! I will post this over to the other forum.

  4. Alexander K. Whittenberg 1 Reputation point
    2021-10-08T16:50:59.557+00:00

    If anyone ever got the answer to this please let me know I am still unable to delete my child management group.

    0 comments
  5. Alexander K. Whittenberg 1 Reputation point
    2021-10-08T17:21:09.273+00:00

    Finally figured it out. For some reason my subscription was still tied to my Child Management group. Once I moved the subscription from the child management group back onto my Root management group it allowed me to delete the management group. Finally.