0

I want to automate the process of creating a new Azure subscription and add all the necessary custom roles and resources required for a new environment. The problem I'm stuck on is the first step of creating the new subscription.

I created an app and gave it the role Azure subscription creator at the invoice profile level, but when I run my script, the line with New-AzSubscriptionAlias keeps throwing an error:

"You do not have sufficient permissions on the specified invoice section to create an Azure subscription. Refer(http://aka.ms/mca-section-invoice) to set the right permissions and try again"

For some reason, this issue also occurs when I run the code directly in the CLI with my user, who has the same assigned role, even though I'm able to manually create a subscription through the portal.

The line that I try to run is

New-AzSubscriptionAlias -AliasName "test" -SubscriptionName "test" 
   -BillingScope "/providers/Microsoft.Billing/billingAccounts/****/billingProfiles/****/invoiceSections/****" 
   -Workload "DevTest"

Is there some difference in the permissions you do in the portal compared to the CLI?

Improve this question

1 Answer 1

Reset to default
0

As said in the documentation of the New-AzSubscriptionAlias Function:

Billing scope of the subscription.
For CustomerLed and FieldLed: /billingAccounts/{billingAccountName}/billingProfiles/{billingProfileName}/invoiceSections/{invoiceSectionName}
For PartnerLed: /billingAccounts/{billingAccountName}/customers/{customerName}
For Legacy EA: /billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}

You can forget about the last two cases as you probably not doing it as a Partner.
Your current property of -BillingScope is not correct, it is currently trying to use a Azure Resource ID (with providers).

Link: https://learn.microsoft.com/en-us/powershell/module/az.subscription/new-azsubscriptionalias?view=azps-14.1.0

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.