0 Votes
Aquilino-2826 asked sikumars answered

Adding the same SPN to hundreds of cloud subscriptions

I'd like to use the same SPN which has elevated rights on hundreds of independent Azure subscriptions.
Is it possible to take the same SPN and just automatically have it added to every account and any new account that gets created?

azure-security-center

1 Answer

1 Vote
sikumars answered

Hello @Aquilino-2826,

Thanks for reaching out.

A feasible way in this scenario would be to have all Azure cloud subscriptions added to a single Management Group, so that you get to manage all existing as well as new subscriptions that are linked to that specific management group.

Leveraging a Management Group provides centralized management for resources across subscriptions, and there are other benefits of using Management groups; to learn more, refer.

Here is the hierarchy of RBAC role access: you can assign a role to a specific user, group or service principal at the Management group level, at the subscription level or at the resource level, as shown below:

133528-image.png

Reference:

Add subscription to Management group

133595-image.png

Assign role at Management group level

133543-image.png

Example: Let's say you have 100+ existing subscriptions that are added to a single management group, and the Owner role is assigned to a specific service principal at the Management group level. When you go to each subscription, you would see the RBAC role inherited from the management group, as shown below:

133509-image.png

Hope this helps.



Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
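An added example, not part of the answer above and not Microsoft's code: a small Python model of the inheritance the answer describes, useful for auditing which subscriptions a service principal reaches through a management-group assignment. The hierarchy, subscription names and `spn-0001` are constructed; the field names follow the JSON output of `az role assignment list`.

```python
# Constructed sample data; every ID and name here is hypothetical.
MG = "/providers/Microsoft.Management/managementGroups/"
SUB = "/subscriptions/"

# child scope -> parent management group scope (RBAC inherits downwards)
PARENT = {
    MG + "mg-prod": MG + "mg-root",
    MG + "mg-sandbox": MG + "mg-root",
    SUB + "sub-a": MG + "mg-prod",
    SUB + "sub-b": MG + "mg-prod",
    SUB + "sub-c": MG + "mg-sandbox",
}

# Same field names as `az role assignment list` JSON output.
ASSIGNMENTS = [
    {"principalId": "spn-0001", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": MG + "mg-prod"},
    {"principalId": "spn-0001", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Reader", "scope": SUB + "sub-c"},
]

def ancestors(scope, parent):
    """Yield the scope itself, then every management group above it."""
    seen = set()
    while scope and scope not in seen:  # guard against a cyclic map
        seen.add(scope)
        yield scope
        scope = parent.get(scope)

def effective(subscription, parent, assignments):
    """Assignments applying to a subscription, tagged direct or inherited."""
    chain = list(ancestors(SUB + subscription, parent))
    out = []
    for a in assignments:
        if a["scope"] in chain:
            origin = "direct" if a["scope"] == chain[0] else "inherited"
            out.append((a["principalId"], a["roleDefinitionName"], origin, a["scope"]))
    return out

def blast_radius(principal, role, parent, assignments):
    """Subscriptions where the principal holds the role, directly or inherited."""
    subs = [s[len(SUB):] for s in parent if s.startswith(SUB)]
    return sorted(s for s in subs
                  if any(p == principal and r == role
                         for p, r, _, _ in effective(s, parent, assignments)))

if __name__ == "__main__":
    print(blast_radius("spn-0001", "Owner", PARENT, ASSIGNMENTS))
    PARENT[SUB + "sub-new"] = MG + "mg-prod"  # a new subscription joins the group
    print(effective("sub-new", PARENT, ASSIGNMENTS))
```

A subscription placed in `mg-prod` picks up the Owner assignment with no further action, while `sub-c` under a different management group does not.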


