Atleast Two Subscription Owners Should Exist
More Info:
Ensure there are at least two subscription owners designated for your Microsoft Azure account subscription in order to provide administrator access redundancy.Risk Level
MediumAddress
SecurityCompliance Standards
NISTCSFTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “At least two subscription owners should exist” in Azure, you can follow the below steps:
- Log in to the Azure Portal using your credentials.
- Go to the “Subscriptions” option in the left-hand menu.
- Select the subscription that needs to be remediated.
- Click on “Access control (IAM)” in the left-hand menu.
- Click on “Add” and select “Add role assignment”.
- In the “Add role assignment” pane, select “Owner” as the role.
- In the “Select” box, search for the user or group that needs to be added as an owner.
- Click on “Save” to add the user or group as an owner.
Using CLI
Using CLI
To remediate the misconfiguration “Atleast Two Subscription Owners Should Exist” for AZURE using AZURE CLI, follow the below steps:Step 1: Open the Azure CLI and login to your Azure account using the command:Step 2: Once you are logged in, check the number of subscription owners using the command:Step 3: If the output is less than 2, create a new subscription owner using the command:Replace “NewOwnerName” with the name you want to give to the new subscription owner and "" with your Azure subscription ID.Step 4: Assign the newly created subscription owner to the subscription using the command:Replace “NewOwnerName” with the name of the new subscription owner and "" with your Azure subscription ID.Step 5: Verify the number of subscription owners again using the command:Step 6: If the output is 2 or more, the misconfiguration has been remediated successfully.Note: Repeat the above steps for each Azure subscription that you have.
Using Python
Using Python
To remediate the misconfiguration “At least two subscription owners should exist” in Azure using Python, you can use the Azure SDK for Python. Here are the steps to remediate the misconfiguration:Note: Replace Note: The Note: Replace Note: This step is optional, but it can be helpful to verify that the misconfiguration has been remediated successfully.By following these steps, you can remediate the misconfiguration “At least two subscription owners should exist” in Azure using Python.
- Import the necessary modules:
- Authenticate using the Azure SDK for Python:
subscription_id with the ID of the Azure subscription you want to remediate.- Check the number of subscription owners:
acdd72a7-3385-48ef-bd42-f606fba81ae7 role definition ID is for the Owner role.- If the number of owners is less than 2, add another owner:
your-owner-principal-id with the principal ID of the user or service principal you want to add as an owner.- Verify that there are now at least two subscription owners: