Changing Service Administrator and Co-Administrator when logged in with an organisational account

Users can log in to Microsoft Azure classic portal using two methods: individuals can log in using a Microsoft Account and organisational employees can log in using an organisational account. This article describes changes to the Service Administrator and Co-Administrator functionality if you log in with either method.

As a review, here’s a brief description of Service Administrator and Co-Administrator functionality:

  • The Service Administrator is a property of each Azure subscription, and it represents a person who can log in to the Developer Portal and develop against a subscription (e.g. deploy to it or create new resources). Typically, an Account Administrator purchases an Azure subscription and makes their developer the Service Administrator, then the developer can log in to the Developer Portal. A Service Administrator cannot see the subscription’s billing details in the Billing Portal. The Service Administrator can only be changed in the Billing Portal.
  • A Co-Administrator is very similar to the Service Administrator, with a small difference – they are added from within the Developer Portal and there can be multiple Co-Administrators for a subscription but only one Service Administrator. Similar to the Service Administrator, a Co-Administrator cannot see billing details.

Here are the changes to Service Administrator and Co-Administrator functionality, with the introduction of the ability to log in to Azure with an organisational account:

Login Method Add Microsoft Account as Co-Administrator or Service Administrator? Add organisational account in the same organisation as Co-Administrator or Service Administrator? Add organisational account in different organisation as Co-Administrator or Service Administrator?
Microsoft Account Yes No No
Organisational Account Yes Yes No
  • If you are logged in with a Microsoft Account, you can only add other Microsoft Accounts as Service Administrator or Co-Administrator. This is a security consideration to prevent non-organisational accounts from discovering whether certain accounts (e.g. janesmith@contoso.com) are valid accounts.
  • If you are logged in with an organisational account, you can add other organisational accounts in your organisation as Service Administrator or Co-Administrator. For example, abby@contoso.com can add bob@contoso.com as Service Administrator or Co-Administrator, but cannot add john@notcontoso.com. Users logged in with organisational accounts can continue to add Microsoft Account users as Service Administrator or Co-Administrator.