Ensure there are at least two subscription owners designated for your Microsoft Azure account subscription in order to provide administrator access redundancy.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
To manage access to your Azure cloud resources, you must have the appropriate administrator role. For access redundancy, a minimum number of two owners should be assigned to a Microsoft Azure subscription. To make a user an owner of an Azure subscription, an existing administrator assigns them the Owner role at the subscription level. The Owner role gives the user full access to all Azure resources available within the subscription, including the right to delegate access to other users.
Audit
To determine if your Microsoft Azure subscriptions have at least two subscription owners assigned, perform the following actions:
Remediation / Resolution
To assign a co-owner to your Microsoft Azure account subscriptions in order to provide administrator access redundancy at the subscription level, perform the following actions:
References
- Azure Official Documentation
- Add or remove Azure role assignments using the Azure portal
- Add or change Azure subscription administrators
- Azure Command Line Interface (CLI) Documentation
- az account list
- az role assignment list
- az role assignment create