Very new to Azure and haven't been able to figure out how to manage users roles. We have a few admins setup that login to https://manage.windowsazure.com with an email of firstname.lastname@ourdomain.onmicrosoft.com. These few admins have access to create new services, services, etc. However we've setup dirsync to sync our active directory to the Azure AD so our domain users can create website, spin up VM's, etc.
The problem is when a user logs into their account (firstname.lastname@ourdomain.com)they get the message 'You dont have any subscriptions' Now if an admin adds them as a co-administrator they are able to login. It seems the AD sync is working so just need to figure out the permissions now.
However we would like to lock this down to only specific sections, like certian users can create websites, other users can only create vms, and so on.
Is this possible with Azure? If so where can I manage the Roles and access to these features.
Thanks!
Best Answer
With the classic portal, only co-admins can access a subscription. The Azure Resource Manager features of the new portal, you'll be able to more finely control the access within a subscription. The official documentation is here - https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/