Microsoft Azure Account Hierarchy of Control

Learn about Enterprise administrator roles in Azure.
Written by Paayi Tech |01-Aug-2020 | 0 Comments | 659 Views

Let's start our journey from Azure Account hierarchy, and if you're working in an enterprise, then you have this account called Azure enterprise agreement (EA). The primary goal of Azure Enterprise agreement(EA) is to handle azure services and subscriptions on a global scale. Inside this portal, you can use languages of your choice, tools you want and framework you like. It ensures that your On-premises and cloud environments work consistently across the environment.


Microsoft azure account hierarchy image

Microsoft Azure Account hierarchy image


If you want to administer Microsoft Azure services in your environment, then you can get a lot four types of distinct administrative roles.

  1. Enterprise Admin
  2. Department Admin,
  3. Account Owner
  4. Service admin.


To login into Azure Enterprise portal, you have to use this URL --

Only Enterprise admins and department admins can log in into Enterprise Portal.


Enterprise Administrator

If you are enterprise admin then you can add another enterprise admins, department admins, and associated accounts to the enrolment. Enterprise admins can view the usage and all kind of charges across all accounts and subscriptions. They can view all kinds of monetary commitment balance associated with the enrollment. An Enterprise can make any number of Enterprise Admins and they can also ass a notifications contact that can receive all email notifications.


Department Administrator -

If you are department admin then you can edit the name of their department and cost cent, department admin can manage another department admins. Department admin can add or remove accounts from their departments; department admin can view charges if that feature is approved by Enterprise administrator.


Now if you are Account Owner, then you are not allowed in login into, and you have separate Url called


Account Owner - 

If you are account owner then you can add subscriptions to their account, the Account owner can add or remove service administrator and Co-Administrator for an individual subscription. The account owner can view the usage of their account data and charges if this feature is enabled by enterprise admin. They don't have the rights to see financial commitment balance.


Service Administrator -

If you are service admin then you can add to 199 co-owners per subscription. All 199 co-owners have the ability to access and manage subscriptions & development projects in Azure Management Portal. The service admins don't have permissions to login into Enterprise Portal. You can also set subscription roles from RBAC(Role based access control) with roles defines In Azure AD.



Login/Sign Up


Related Posts

© Copyright 2020, All Rights Reserved.

This site uses cookies. By continuing to use this site or clicking "I Agree", you agree to the use of cookies. Read our cookies policy and privacy statement for more information.