Skip to main content
Skip table of contents

Manually correct CSP RBAC roles in Azure after transfer.

When transferring a CSP Azure plan Microsoft currently doesn’t remove the old CSP and adds the new CSP in the roles.
This has to be manually changed but will be automated in the future.

- Local admin has to be “Owner” on the subscription.
- “Copaco Cloud B.V.” is not yet listed as “owner”.
- Subscription has to be transferred to “Copaco Cloud B.V.”

If your local admin can not access the subscription you can use elevated admin access to gain access.
Once you activated this you can access ALL resources as admin and add yourself as “owner” before removing Elevated access again.

  1. Open Powershell as admin

    start menu

  2. Run the following command where “” is your tenant

    Install-Module -Name Az.Resources -Force -Verbose
    Import-Module -Name Az.Resources -Verbose -MinimumVersion 4.1.1
    Connect-AzAccount -Tenant ""

  3. You will be prompted with a signing screen, please login with a local (not a global reseller account) administrator of the tenant with “owner” roles on the subscription.


  4. Run the following command where “XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX” is your Azure subscription ID, do not change the ObjectId

    New-AzRoleAssignment -ObjectId "b3132976-b568-4bcd-9528-2f61053d1cce" -RoleDefinitionName "Owner" -Scope "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX" -ObjectType "ForeignGroup"

  5. Repeat step 4 for every subscription that is lacking our roles.

  6. Remove any old CSP roles that are no longer needed on the subscription.

Azure IAM

If you are experiencing issues please contact support or mail us at and we will assist you.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.