Azure custom administrator roles should be disabled


Avoid the use of custom administrator roles, as they are error prone. Instead, use Azure’s built-in least privilege ‘job’ roles. Audit and remove custom roles if at all possible.


To remove a custom role in Azure using the portal, follow the steps below:

  1. Log into the Azure portal and navigate to Subscriptions.
  2. Select the specific subscription, then under Settings, click Access control (IAM).
  3. In the Roles section, find and select the custom role you want to remove.
  4. Click Delete and confirm by clicking Yes.

Note: Removing roles can impact access for users and groups assigned to these roles.