You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/cost-management-billing/manage/manage-azure-subscription-policy.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ ms.author: presharm
12
12
13
13
# Manage Azure subscription policies
14
14
15
-
This article helps you to configure Azure subscription policies to control the movement of Azure subscriptions from and into directories. The default behavior of these two policies is set to "Allow Everyone”. Please note that the setting of “Allow Everyone” allows all authorized users, including authorized guest users on a subscription to be able to transfer them. It does not mean all users of a directory.
15
+
This article helps you to configure Azure subscription policies to control the movement of Azure subscriptions from and into directories. The default behavior of these two policies is set to **Allow Everyone**. Note that the setting of **Allow Everyone** allows all authorized users, including authorized guest users on a subscription to be able to transfer them. It does not mean all users of a directory.
16
16
17
17
## Prerequisites
18
18
@@ -27,23 +27,23 @@ Use the following policy settings to control the movement of Azure subscriptions
27
27
### Subscriptions leaving a Microsoft Entra ID directory
28
28
29
29
The policy allows or stops users from moving subscriptions out of the current directory. [Subscription owners](../../role-based-access-control/built-in-roles.md#owner) can [change the directory of an Azure subscription](../../active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md) or use transfer features available on the Azure portal and API’s to another directory where they're a member. Global administrators can allow or disallow directory users from changing the directory or transfer of subscriptions.
30
-
- Set this policy to “Permit no one” if you do not want subscriptions to be transferred out of your directory. This policy applies to all authorized subscriptions users including authorized guest users of your directory.
31
-
- Set this policy to “Allow Everyone” if you want all authorized users including authorized guest users to be able to transfer subscriptions out of your directory.
30
+
- Set this policy to **Permit no one** if you do not want subscriptions to be transferred out of your directory. This policy applies to all authorized subscriptions users including authorized guest users of your directory.
31
+
- Set this policy to **Allow Everyone** if you want all authorized users including authorized guest users to be able to transfer subscriptions out of your directory.
32
32
33
33
### Subscriptions entering a Microsoft Entra ID directory
34
34
35
35
The policy allows or stops users from other directories, who have access in the current directory, to move subscriptions into the current directory. [Subscription owners](../../role-based-access-control/built-in-roles.md#owner) can [change the directory of an Azure subscription](../../active-directory/fundamentals/active-directory-how-subscriptions-associated-directory.md) or transfer them to another directory where they're a member. Global administrators can allow or disallow directory users from transferring these subscriptions.
36
-
- Set this policy to “Permit no one” if you do not want subscriptions to be transferred into your directory. This policy applies to all authorized users, including authorized guest users of your directory.
37
-
- Set this policy to “Allow Everyone” if you want all authorized users, including authorized guest users in your directory to be able to transfer subscriptions into your directory.
36
+
- Set this policy to **Permit no one** if you do not want subscriptions to be transferred into your directory. This policy applies to all authorized users, including authorized guest users of your directory.
37
+
- Set this policy to **Allow Everyone** if you want all authorized users, including authorized guest users in your directory to be able to transfer subscriptions into your directory.
38
38
39
39
### Exempted Users
40
40
41
41
For governance reasons, global administrators can block all subscription directory moves - in to or out of the current directory. However they might want to allow specific users to do both operations. For both situations, they can configure a list of exempted users that allows these users to bypass all the policy settings that apply to everyone else.
42
42
43
43
#### Important note
44
44
Authorized users (including guest users) in your directory can create Azure subscriptions in another directory where they have billing permissions and then transfer those subscriptions into your Entra ID directory. If you don't want to allow this, you should set one or both of the following policies:
45
-
- Subscriptions leaving Entra ID directory should be set to 'Permit no one'.
46
-
- Subscriptions entering Entra ID directory should be set to 'Permit no one'.
45
+
- Subscriptions leaving Entra ID directory should be set to **Permit no one**.
46
+
- Subscriptions entering Entra ID directory should be set to **Permit no one**.
0 commit comments