To onboard an Azure subscription to the MontyCloud DAY2 Platform, or to offboard it, users need specific roles and permissions. The top row of the table, labeled Recommended, describes the least permissions required to run the onboarding process. The remaining rows describe permissions that also allow the user to perform onboarding but are more permissive than required.


Required Permissions

Azure Role

Details

Owner + Application Developer [Recommended]

  • Owner: Owner of the subscription.
  • Application Developer: Azure AD built-in role to create, manage, and delete Service Principals/App Registrations (can delete only Service Principals created by them).

Owner + Application Administrator

  • Owner: Owner of the subscription.
  • Application Administrator: Azure AD built-in role to add, manage, delete, and configure enterprise applications and app registrations.

Owner + Global Administrator

  • Owner: Owner of the subscription.
  • Global Administrator: Azure AD built-in role to manage all aspects of Azure AD and Microsoft services that use Azure AD identities.


Note

Administrator roles such as Application Developer, Application Administrator, etc., can only be assigned to users, groups, managed identities, and applications (Service Principals) by Global Administrators.


Assigning the correct permissions is crucial for the successful onboarding and offboarding of your Azure subscription to the MontyCloud DAY2 Platform. Select the appropriate set of roles based on your organizational requirements and security policies.
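A pre-flight check for the table above, added here as an illustration and not MontyCloud's or Microsoft's code: it reports which row a user's current roles match and whether that row is the Recommended one. It assumes the inputs are exported JSON shaped like the output of `az role assignment list` (fields `roleDefinitionName`, `scope`) and of a Microsoft Graph directory-role membership listing (field `displayName`); the function names and sample data are constructed.

```python
# Directory roles from the table above, least permissive first.
DIRECTORY_ROLES = ["Application Developer", "Application Administrator",
                   "Global Administrator"]


def owns_subscription(assignments, subscription_id):
    """True if Owner is assigned at the subscription itself or at root scope "/".

    Owner on a resource group inside the subscription does not count.
    Management-group scopes are skipped: the assignment alone does not say
    which subscriptions the group contains, so verify those by hand.
    """
    wanted = f"/subscriptions/{subscription_id}".lower()
    for a in assignments:
        scope = (a.get("scope") or "").lower()
        at_scope = scope == "/" or scope.rstrip("/") == wanted
        if a.get("roleDefinitionName") == "Owner" and at_scope:
            return True
    return False


def preflight(assignments, directory_roles, subscription_id):
    """Return (table_row, is_recommended); table_row is None if no row matches."""
    if not owns_subscription(assignments, subscription_id):
        return None, False
    held = {r.get("displayName") for r in directory_roles}
    matched = [r for r in DIRECTORY_ROLES if r in held]
    if not matched:
        return None, False
    # Effective access follows the broadest role held, so report that one.
    broadest = matched[-1]
    return f"Owner + {broadest}", broadest == "Application Developer"


# Constructed sample input (placeholder subscription ID, not real tenant data).
SUB = "00000000-0000-0000-0000-000000000000"
RG_ONLY = [{"roleDefinitionName": "Owner",
            "scope": f"/subscriptions/{SUB}/resourceGroups/rg-demo"}]
SUB_OWNER = [{"roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB}"}]
APP_DEV = [{"displayName": "Application Developer"}]
DEV_AND_GA = APP_DEV + [{"displayName": "Global Administrator"}]

if __name__ == "__main__":
    for name, rbac, roles in [("resource-group Owner", RG_ONLY, APP_DEV),
                              ("subscription Owner", SUB_OWNER, APP_DEV),
                              ("Owner + extra GA", SUB_OWNER, DEV_AND_GA)]:
        print(name, "->", preflight(rbac, roles, SUB))
```

A user who holds Application Developer alongside a broader directory role is reported under the broader row, which makes excess privilege visible before onboarding.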