
Commit 0e06bae

Merge pull request #116040 from DCtheGeek/dmc-mg-updateoverview
Language and acrolinx review
2 parents 42bbe9f + 0ab5bab commit 0e06bae


1 file changed

+14
-14
lines changed

articles/governance/management-groups/overview.md

Lines changed: 14 additions & 14 deletions
@@ -172,7 +172,7 @@ change with the inclusion of management groups. Use the full path to define the
172172
**/providers/Microsoft.Management/managementgroups/{groupId}**.
173173

174174
Use the management group's ID and not the management group's display name. This common error happens
175-
since both are custom defined fields when creating a management group.
175+
since both are custom-defined fields when creating a management group.
176176

177177
```json
178178
...
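Review bot: On new line 175, "This common error" has no stated antecedent: the preceding sentence gives the instruction but never names the mistake. Suggest naming it, for example "Using the display name in place of the ID is a common error because both are custom-defined fields when creating a management group." That wording also replaces the causal "since" with "because", which fits a language review.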
@@ -209,14 +209,14 @@ since both are custom defined fields when creating a management group.
209209

210210
Role definitions are assignable scope anywhere within the management group hierarchy. A role
211211
definition can be defined on a parent management group while the actual role assignment exists on
212-
the child subscription. Since there is a relationship between the two items, you will receive an
213-
error when trying to separate the assignment from its definition.
212+
the child subscription. Since there's a relationship between the two items, you'll receive an error
213+
when trying to separate the assignment from its definition.
214214

215215
For example, let's look at a small section of a hierarchy for a visual.
216216

217217
:::image type="content" source="./media/subtree.png" alt-text="sub-tree" border="false":::
218218

219-
Let's say there is a custom role defined on the Marketing management group. That custom role is then
219+
Let's say there's a custom role defined on the Marketing management group. That custom role is then
220220
assigned on the two free trial subscriptions.
221221

222222
If we try to move one of those subscriptions to be a child of the Production management group, this
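Review bot: Context line 210, "Role definitions are assignable scope anywhere within the management group hierarchy", is still ungrammatical after this language pass and sits directly above the sentences edited here. Suggest rewording it in the same commit, for example "A role definition can list any scope within the management group hierarchy as an assignable scope", if that is the intended meaning. The alt-text "sub-tree" on line 217 also does not describe the hierarchy that the following paragraphs rely on (Marketing, Production, the free trial subscriptions).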
@@ -225,7 +225,7 @@ definition. In this scenario, you'll receive an error saying the move isn't allo
225225
break this relationship.
226226

227227
There are a couple different options to fix this scenario:
228-
- Remove the role assignment from the subscription prior to moving the subscription to a new parent
228+
- Remove the role assignment from the subscription before moving the subscription to a new parent
229229
MG.
230230
- Add the subscription to the Role Definition's assignable scope.
231231
- Change the assignable scope within the role definition. In the above example, you can update the
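Review bot: Line 227 still reads "a couple different options", which a language review should change to "a couple of different options". On lines 228-229 the bullet ends in the abbreviation "MG" while the rest of the visible text spells out "management group"; suggest spelling it out here too.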
@@ -240,20 +240,20 @@ There are limitations that exist when using custom roles on management groups.
240240

241241
- You can only define one management group in the assignable scopes of a new role. This limitation
242242
is in place to reduce the number of situations where role definitions and role assignments are
243-
disconnected. This happens when a subscription or management group with a role assignment is
244-
moved to a different parent that doesn't have the role definition.
245-
- RBAC Data Plane actions aren't allowed to be defined in management group custom roles. This
246-
restriction is in place as there is a latency issue with RBAC actions updating the data plane
247-
resource providers. This latency issue is being worked on and these actions will be disabled from
248-
the role definition to reduce any risks.
243+
disconnected. This situation happens when a subscription or management group with a role
244+
assignment is moved to a different parent that doesn't have the role definition.
245+
- RBAC Data Plane actions can't be defined in management group custom roles. This restriction is in
246+
place as there's a latency issue with RBAC actions updating the data plane resource providers.
247+
This latency issue is being worked on and these actions will be disabled from the role definition
248+
to reduce any risks.
249249
- The Azure Resource Manager doesn't validate the management group's existence in the role
250-
definition's assignable scope. If there is a typo or a incorrect management group ID listed, the
250+
definition's assignable scope. If there's a typo or an incorrect management group ID listed, the
251251
role definition will still be created.
252252

253253
## Moving management groups and subscriptions
254254

255-
To a management group or subscription to be a child of another management group, three rules need to
256-
be evaluated as true.
255+
To move a management group or subscription to be a child of another management group, three rules
256+
need to be evaluated as true.
257257

258258
If you're doing the move action, you need:
259259
