azure-resource-manager azure-rm-template azure-management-groups

How to move subscription under management group using ARM templates?


How can I move a subscription under a management group via an ARM template? This should be possible via the following resource provider: Microsoft.Management managementGroups/subscriptions template reference

I tried to define the subscription child resource in two ways but both deployments are failing with the same error: 'error': {'code': 'InternalServerError', 'message': "(...) 500 - Internal server error. There is a problem with the resource you are looking for, and it cannot be displayed. (...)" } }.

Option 1:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "managementGroupName": {
            "type": "String",
            "metadata": {
                "description": "The management group to be configured"
            }
        },
        "childSubscription": {
            "type": "String",
            "metadata": {
                "description": "The list of child subscription IDs of the management group"
            }
        }
    },
    "variables": {},
    "functions": [],
    "resources": [
        {
            "type": "Microsoft.Management/managementGroups",
            "apiVersion": "2019-11-01",
            "name": "[parameters('managementGroupName')]",
            "resources": [
                {
                    "type": "subscriptions",
                    "apiVersion": "2020-05-01",
                    "name": "[parameters('childSubscription')]",
                    "dependsOn": [
                        "[parameters('managementGroupName')]"
                    ]
                }
            ]
        }
    ],
    "outputs": {}
}

Option 2:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "managementGroupName": {
            "type": "String",
            "metadata": {
                "description": "The management group to be configured"
            }
        },
        "childSubscription": {
            "type": "String",
            "metadata": {
                "description": "The list of child subscription IDs of the management group"
            }
        }
    },
    "variables": {},
    "functions": [],
    "resources": [
        {
            "type": "Microsoft.Management/managementGroups/subscriptions",
            "apiVersion": "2020-05-01",
            "name": "[concat(parameters('managementGroupName'), '/', parameters('childSubscription'))]"
        }
    ],
    "outputs": {}
}

Solution

  • The deployment must be done at tenant level instead of management group level. The resource definition then becomes:

    {
      "type": "Microsoft.Management/managementGroups",
      "apiVersion": "2019-11-01",
      "name": "[variables('managementGroupName')]",
      "properties": {},
      "resources": [
        {
          "type": "subscriptions",
          "apiVersion": "2020-05-01",
          "name": "[parameters('childSubscriptionId')]",
          "dependsOn": [
            "[variables('managementGroupName')]"
          ]
        }
      ]
    }
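
The resource definition from the solution, placed in a complete tenant-scope template. This is an added example, not code from the original question or answer. It assumes the management group name is passed as a parameter rather than a variable and that the template uses the tenant deployment schema.

```json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "metadata": {
        "description": "Added example: tenant-scope template built around the resource definition from the solution"
    },
    "parameters": {
        "managementGroupName": {
            "type": "String",
            "metadata": {
                "description": "Name (ID) of the management group that receives the subscription"
            }
        },
        "childSubscriptionId": {
            "type": "String",
            "metadata": {
                "description": "ID (GUID) of the single subscription to place under the management group"
            }
        }
    },
    "resources": [
        {
            "type": "Microsoft.Management/managementGroups",
            "apiVersion": "2019-11-01",
            "name": "[parameters('managementGroupName')]",
            "properties": {},
            "resources": [
                {
                    "type": "subscriptions",
                    "apiVersion": "2020-05-01",
                    "name": "[parameters('childSubscriptionId')]",
                    "dependsOn": [
                        "[parameters('managementGroupName')]"
                    ]
                }
            ]
        }
    ],
    "outputs": {}
}
```

Submit it with a tenant-scope deployment command, for example `az deployment tenant create --location <region> --template-file <template-file> --parameters managementGroupName=<mg-name> childSubscriptionId=<subscription-guid>` (all values in angle brackets are placeholders). The deploying identity needs permissions at tenant scope, and after the move the subscription inherits the role assignments and policy assignments of its new management group, so review both before deploying.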