Azure custom administrator roles should be disabled

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

Avoid the use of custom administrator roles, as they are error prone. Instead, use Azure’s built-in least privilege ‘job’ roles. Audit and remove custom roles if at all possible.

Remediation

To remove a custom role in Azure using the portal, follow the steps below:

  1. Log into the Azure portal and navigate to Subscriptions.
  2. Select the specific subscription, then under Settings, click Access control (IAM).
  3. In the Roles section, find and select the custom role you want to remove.
  4. Click Delete and confirm by clicking Yes.

Note: Removing roles can impact access for users and groups assigned to these roles.