Azure custom administrator roles should be disabled

Description

Avoid the use of custom administrator roles, as they are error prone. Instead, use Azure’s built-in least privilege ‘job’ roles. Audit and remove custom roles if at all possible.

Remediation

To remove a custom role in Azure using the portal, follow the steps below:

  1. Log into the Azure portal and navigate to Subscriptions.
  2. Select the specific subscription, then under Settings, click Access control (IAM).
  3. In the Roles section, find and select the custom role you want to remove.
  4. Click Delete and confirm by clicking Yes.

Note: Removing roles can impact access for users and groups assigned to these roles.