Changing Service Administrator and Co-Administrator when logged in with an organizational account

Users can log in to the Microsoft Azure classic portal using two methods: individuals can log in using a Microsoft Account, and organizational employees can log in using an organizational account. This article describes changes to the Service Administrator and Co-Administrator functionality when you log in with either method.

As a review, here’s a brief description of Service Administrator and Co-Administrator functionality:

  • The Service Administrator is a property of each Azure subscription, and it represents a person who can log in to the Developer Portal and develop against a subscription (e.g. deploy to it or create new resources). Typically, an Account Administrator purchases an Azure subscription and makes his or her developer the Service Administrator, after which the developer can log in to the Developer Portal. A Service Administrator cannot see the subscription’s billing details in the Billing Portal. The Service Administrator can only be changed in the Billing Portal.
  • A Co-Administrator is very similar to the Service Administrator, with a small difference – they are added from within the Developer Portal and there can be multiple Co-Administrators for a subscription but only one Service Administrator. Similar to the Service Administrator, a Co-Administrator cannot see billing details.

Here are the changes to Service Administrator and Co-Administrator functionality, with the introduction of the ability to log in to Azure with an organizational account:

| Login method | Add Microsoft Account as Co-Administrator or Service Administrator? | Add organizational account in the same organization as Co-Administrator or Service Administrator? | Add organizational account in a different organization as Co-Administrator or Service Administrator? |
| --- | --- | --- | --- |
| Microsoft Account | Yes | No | No |
| Organizational Account | Yes | Yes | No |

  • If you are logged in with a Microsoft Account, you can only add other Microsoft Accounts as Service Administrator or Co-Administrator. This restriction is a security measure: it prevents non-organizational accounts from discovering whether certain accounts (e.g. janedoe@contoso.com) are valid accounts.
  • If you are logged in with an organizational account, you can add other organizational accounts in your organization as Service Administrator or Co-Administrator. For example, abby@contoso.com can add bob@contoso.com as Service Administrator or Co-Administrator, but cannot add john@notcontoso.com. Users logged in with organizational accounts can continue to add Microsoft Account users as Service Administrator or Co-Administrator.