Manually correct CSP RBAC roles in Azure after transfer.
When transferring a CSP Azure plan Microsoft currently doesn’t remove the old CSP and adds the new CSP in the roles.
This has to be manually changed but will be automated in the future.
prerequisite
- Local admin has to be “Owner” on the subscription.
- “Copaco Cloud B.V.” is not yet listed as “owner”.
- Subscription has to be transferred to “Copaco Cloud B.V.”
If your local admin can not access the subscription you can use elevated admin access to gain access.
Once you activated this you can access ALL resources as admin and add yourself as “owner” before removing Elevated access again.
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
Open Powershell as admin
start menu
Run the following command where “EXAMPLE.onmicrosoft.com” is your tenant
CODEInstall-Module -Name Az.Resources -Force -Verbose Import-Module -Name Az.Resources -Verbose -MinimumVersion 4.1.1 Connect-AzAccount -Tenant "EXAMPLE.onmicrosoft.com"
You will be prompted with a signing screen, please login with a local (not a global reseller account) administrator of the tenant with “owner” roles on the subscription.
Sign-in
Run the following command where “XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX” is your Azure subscription ID, do not change the ObjectId
POWERSHELLSet-AzContext -SubscriptionId "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX" New-AzRoleAssignment -ObjectId "b3132976-b568-4bcd-9528-2f61053d1cce" -RoleDefinitionName "Owner" -Scope "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX" -ObjectType "ForeignGroup"
Repeat step 4 for every subscription that is lacking our roles.
Remove any old CSP roles that are no longer needed on the subscription.

Azure IAM
If you are experiencing issues please contact support or mail us at support@2tcloud.com and we will assist you.