Manually correct CSP RBAC roles in Azure after transfer.

When transferring a CSP Azure plan Microsoft currently doesn’t remove the old CSP and adds the new CSP in the roles.
This has to be manually changed but will be automated in the future.

prerequisite
- Local admin has to be “Owner” on the subscription.
- “Copaco Cloud B.V.” is not yet listed as “owner”.
- Subscription has to be transferred to “Copaco Cloud B.V.”

If your local admin can not access the subscription you can use elevated admin access to gain access.
Once you activated this you can access ALL resources as admin and add yourself as “owner” before removing Elevated access again.
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin

1. Open Powershell as admin
   

   

   
   

2. Run the following command where “EXAMPLE.onmicrosoft.com” is your tenant
   

   CODE

   Install-Module -Name Az.Resources -Force -Verbose
   Import-Module -Name Az.Resources -Verbose -MinimumVersion 4.1.1
   Connect-AzAccount -Tenant "EXAMPLE.onmicrosoft.com"

3. You will be prompted with a signing screen, please login with a local (not a global reseller account) administrator of the tenant with “owner” roles on the subscription.
   

   

4. Run the following command where “XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX” is your Azure subscription ID, do not change the ObjectId
   

   POWERSHELL

   Set-AzContext -SubscriptionId "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX"
   New-AzRoleAssignment -ObjectId "b3132976-b568-4bcd-9528-2f61053d1cce" -RoleDefinitionName "Owner" -Scope "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX" -ObjectType "ForeignGroup"

5. Repeat step 4 for every subscription that is lacking our roles.
   

6. Remove any old CSP roles that are no longer needed on the subscription.

If you are experiencing issues please contact support or mail us at support@2tcloud.com and we will assist you.