2

I am a global administrator and when I run the command Get-AzManagementGroup I get the following error:

Get-AzManagementGroup : The client 'live.com#kellygarcia9@yahoo.co.uk' with object id 'bd24ab44-e034-439e-8a02-756d1e3557a3' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management' or the scope is invalid. If access was recently granted, please refresh your credentials. At line:1 char:1 + Get-AzManagementGroup + ~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [Get-AzManagementGroup], CloudException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.ManagementGroups.GetAzureRmManagementGroup

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
kay106
  • 65
  • 5
  • this error also happens when you do not have any management groups ... after creating a management group and assigning an existing subscription into this new management group then the command will run OK – Scott Stensland Mar 14 '22 at 17:19

2 Answers2

1

the error clearly indicates that you dont have permissions to perform the action. you'd need to grant yourself using account which has permissions to do that (or ask somebody to grant you those).

Here's the specific permission you need: Microsoft.Management/managementGroups/read

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
1

You will have to get user access administrator role to manage management groups

https://i.stack.imgur.com/UgnPA.png

https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#root-management-group-for-each-directory

Hannel
  • 1,656
  • 3
  • 10
  • 17