1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Managing Azure Subscriptions and Resource Groups

Overview of Admin Roles

Overview of Admin Roles


As an IT professional tasked with managing resources in Azure, it’s important to understand key administrative roles and permissions within a subscription and within a resource group. It’s also important to know how to leverage Role Based Access Control (RBAC) for managing such administrative roles and permissions.

In the first part of this course, you will learn about Azure subscriptions.  You will learn about key roles within a subscription, including the owner role, account administrator role, service administrator role, and the co-administrator role.  You’ll also learn how to manage these roles by using RBAC. We’ll also cover subscription policies and the role they play in the management of an Azure subscription.

In the second part of the course, we’ll talk about resource groups in Azure.  We’ll touch on what they do and how they are managed. You will learn how to secure resources within a resource group via resource policies and resource locks.  You’ll also learn about resource tagging and how it can be used to manage and group Azure resources.

Rounding out this course, we’ll cover the process of moving resources from one resource group to another, as well as the deletion of resource groups altogether.

Learning Objectives

Azure Subscriptions

  • Understand the Owner Role
  • Understand the Account Administrator Role
  • Understand the Co-Administrator Role
  • Understand the Service Administrator Role
  • How to Manage Roles and Permissions with RBAC
  • Understand Subscription Policies

Resource Groups

  • Understanding the Purpose of Resource Groups
  • How to Leverage Resource Group Policies
  • How to Use Resource Locks to Protect Resources
  • How to Leverage Resource Tags  
  • Moving Resources Between Resource Groups
  • Removing Resource Groups

Intended Audience

  • IT Professionals interested in becoming Azure cloud architects
  • IT Professionals preparing for Microsoft’s Azure certification exams


  • General knowledge of IT infrastructure
  • General knowledge of the Azure environment


Within an Azure subscription, there are three key administrator roles available for managing the subscription. These roles include the account administrator, the service administrator, and the co-administrator. These administrators have full access to the Azure subscription. As such, they can manage various resources within that subscription. The account that was used to sign up for Azure originally is automatically both the account administrator and the service administrator. Additional co-administrators can also be added to the subscription. The service administrator and the co-administrators have the same access in the subscription as users who have been assigned the owner role. Breaking things down into a bit more detail, the account administrator, which there is only one of, has access to the Azure Account Center and can manage all subscriptions in an Azure account. The account administrator can also create new subscriptions and cancel existing ones. 

Account administrators can change the billing for a subscription and also change the service administrator account. However, the account administrator by itself has no access to the Azure portal. In addition to the account administrator, there is also one service administrator per Azure subscription. The service administrator manages services in the Azure Portal and can assign users to the co-administrator role. In a new subscription, the account administrator is also the service administrator. The service administrator is granted full access to the Azure Portal and has the same access as a user who is assigned the owner role. A co-administrator has the same access as the service administrator. However, a co-admin can't change the association of subscriptions to Azure directories. The co-admin can assign users to the co-administrator role, but cannot change the service administrator. Essentially, the co-admin has the same access as a user who was assigned the owner role. And as far as the co-administrator is concerned, there can be up to 200 co-administrators within a subscription.

About the Author
Learning paths11

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.