You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/copilot/manage-access.md
+6-2Lines changed: 6 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,16 +13,18 @@ author: JnHs
13
13
> [!NOTE]
14
14
> We're currently in the process of rolling out Microsoft Copilot for Azure (preview) to all Azure tenants. We'll remove this note once the functionality is available to all users.
15
15
16
-
Microsoft Copilot for Azure only has access to resources that the user has access to. It can only take actions that the user has permission to perform, and requires confirmation before making changes. Microsoft Copilot for Azure complies with all existing access management rules and protections such as Azure role-based access control (Azure RBAC), Privileged Identity Management, Azure Policy, and resource locks.
16
+
By default, Copilot for Azure is available to all users in a tenant. However, [Global Administrators](/entra/identity/role-based-access-control/permissions-reference#global-administrator) can choose to limit access to Copilot for Azure for their organization. If you turn off access for your tenant, you can still grant access to specific Microsoft Entra users or groups.
17
17
18
-
By default, Copilot for Azure is available to all users in a tenant. However, [Global Administrators](/entra/identity/role-based-access-control/permissions-reference#global-administrator) can choose to limit access to Copilot for Azure for their organization. If you turn access off for your tenant, you can still grant access to specific Microsoft Entra users or groups.
18
+
As always, Microsoft Copilot for Azure only has access to resources that the user has access to. It can only take actions that the user has permission to perform, and requires confirmation before making changes. Copilot for Azure complies with all existing access management rules and protections such as Azure role-based access control (Azure RBAC), Privileged Identity Management, Azure Policy, and resource locks.
## Limit user access to Microsoft Copilot for Azure
23
23
24
24
To limit access to Microsoft Copilot for Azure for users in your tenant, any Global Administrator in that tenant can follow these steps.
25
25
26
+
1.[Elevate your access](/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal#step-1-elevate-access-for-a-global-administrator) so that your Global Administrator account can manage all subscriptions in your tenant.
27
+
26
28
1. In the Azure portal, search for **Copilot for Azure admin center** and select it.
27
29
28
30
1. In **Copilot for Azure admin center**, under **Settings**, select **Access management**.
@@ -33,6 +35,8 @@ To limit access to Microsoft Copilot for Azure for users in your tenant, any Glo
33
35
34
36
1. Assign the **Copilot for Azure User** role to specific users or groups. For detailed steps, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
35
37
38
+
1. When you're finished, [remove your elevated access](/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal#step-2-remove-elevated-access).
39
+
36
40
Global Administrators for a tenant can change the **Access management** selection at any time.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments