Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

Assigning admin roles

Published: October 1, 2013

Updated: October 1, 2013

Applies To: Windows Azure

By default, users do not have administrator permissions, but you can optionally assign them. Currently, you can only select the Global Administrator admin role using the Windows Azure Management Portal. This will be updated to support additional admin roles in the future.

When you assign an admin role using any of the portals (or cmdlets), it is important you understand that this change will be tenant-wide, so assigning an admin role in one portal will grant the user the same permissions across all of the services that your organization has subscribed to. For more information about how your tenant works, see Administering your Azure AD directory.

The global administrator has access to all administrative features. By default, the person who signs up for a Windows Azure account on behalf of your organization automatically becomes the first global administrator in your tenant. Only global administrators can assign other administrator roles. There can be more than one global administrator at your organization. A global administrator has the following permissions in the directory:

  • View organization and user information

  • Manage support tickets

  • Reset user passwords

  • Perform billing and purchasing operations

  • Create and manage user views

  • Create, edit, and delete users and groups, and manage user licenses

  • Manage domains

  • Manage organization information

  • Delegate administrative roles to others

  • Use directory synchronization

Use the following steps to assign or remove the global administrator role for an existing user.

Administrators who forget their passwords can use the password self-reset process to regain access to their accounts. To use this feature, both a mobile phone number that can receive a text message and an alternate email address that is not tied to your Windows Azure subscription must be included with an administrator’s information.

  1. In the Management Portal, click Active Directory, and then click on the name of your organization’s directory.

  2. On the Users page, click the display name of the user you want to edit.

  3. Select the Organizational Role drop-down menu, and then select Global Administrator to assign an admin role or User to remove an existing admin role. If you select Global Administrator, provide additional information as explained in the next two steps.

  4. In the Alternate Email Address box, type an email address. This email address is used for important notifications, including password self-reset, so the user must be able to access the email account whether or not the user can access Windows Azure.

  5. When you have finished, click Save.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.