Subscriptions should have between two and three owners

azure
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

The Owner role grants full control over all subscription resources, including the ability to assign roles to other users. Maintain two to three Owner role assignments per subscription to balance operational availability and least-privilege access. At least two Owners ensure continuity, while limiting assignments to three reduces the impact of a compromised account.

This rule counts distinct principals assigned the Owner role at the subscription scope, including users, groups, service principals, and managed identities.

Remediation

Review Owner role assignments in the Azure portal under the subscription’s Access control (IAM) blade. Remove excess owners or add a second owner as needed to reach the 2–3 range. For details on the Owner built-in role, see Azure built-in roles — Owner.