Foreign Principal is what allows SoftwareOne to interact with their customers’ subscriptions through federated access and provide the necessary support within the scope of Azure.
The following roles are required: Reader, Support Request Contributor.
| Scenario / Role Assignment | Reader + Support Request Contributor | Reader |
|---|---|---|
| Manage all resources (full admin) | ✖ | ✖ |
| View and troubleshoot resources | ✔ | ✔ |
| Open and manage Microsoft support requests | ✔ | ✖ |
To verify a Partner’s access through Foreign Principal, navigate to Subscription > Access Control (IAM) > Role Assignments.
Security and Governance Considerations:
Foreign Principals are a standard and expected configuration in CSP-managed environments. Their access is governed through Azure Role-Based Access Control (RBAC) and is limited to the roles assigned by the customer. Customers can review or modify these permissions at any time to ensure they align with their support agreement and security policies.
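To run this review across several subscriptions instead of clicking through the portal, the following added example (not SoftwareOne's or Microsoft's code) compares exported role assignments with the two required roles. It assumes the export has the JSON shape of `az role assignment list --all --output json` and that foreign principals appear with `principalType` set to `ForeignGroup`; the IDs and scopes in the sample are constructed.

```python
import json
import sys

# Roles this page lists as required for the partner's Foreign Principal.
REQUIRED_ROLES = {"Reader", "Support Request Contributor"}

# Constructed sample data (assumed shape: `az role assignment list --all -o json`).
_FP = "11111111-1111-1111-1111-111111111111"    # placeholder foreign principal id
_SUB = "/subscriptions/00000000-0000-0000-0000-00000000000"
SAMPLE_ASSIGNMENTS = [
    {"principalId": _FP, "principalType": "ForeignGroup", "roleDefinitionName": "Reader", "scope": _SUB + "1"},
    {"principalId": _FP, "principalType": "ForeignGroup", "roleDefinitionName": "Support Request Contributor", "scope": _SUB + "1"},
    {"principalId": _FP, "principalType": "ForeignGroup", "roleDefinitionName": "Reader", "scope": _SUB + "2"},
    {"principalId": _FP, "principalType": "ForeignGroup", "roleDefinitionName": "Reader", "scope": _SUB + "3"},
    {"principalId": _FP, "principalType": "ForeignGroup", "roleDefinitionName": "Support Request Contributor", "scope": _SUB + "3"},
    {"principalId": _FP, "principalType": "ForeignGroup", "roleDefinitionName": "Owner", "scope": _SUB + "3"},
    # In-tenant admin: not a foreign principal, so the audit ignores it.
    {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User", "roleDefinitionName": "Owner", "scope": _SUB + "1"},
]


def audit_foreign_principals(assignments, required=REQUIRED_ROLES):
    """Group foreign-principal assignments by (principal, scope) and report
    required roles that are missing and roles held beyond the required set."""
    held_by_key = {}
    for a in assignments:
        if a.get("principalType") != "ForeignGroup":
            continue
        key = (a["principalId"], a["scope"])
        held_by_key.setdefault(key, set()).add(a["roleDefinitionName"])
    return [
        {
            "principalId": pid,
            "scope": scope,
            "missing": sorted(required - held),   # support tickets or read access will fail
            "excess": sorted(held - required),    # broader than the page's required set
        }
        for (pid, scope), held in sorted(held_by_key.items())
    ]


if __name__ == "__main__":
    # Pass a saved export as the first argument, or run with no arguments for the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_ASSIGNMENTS
    for row in audit_foreign_principals(data):
        status = "OK" if not row["missing"] and not row["excess"] else "REVIEW"
        print(status, json.dumps(row))
```

A row with a non-empty `missing` list corresponds to the "Reader" column of the table above (no ability to open Microsoft support requests); a non-empty `excess` list is a role to check against the support agreement.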
Important Note
Foreign Principals:
• Do not impact Azure pricing or billing
• Do not represent Azure resources
• Only provide identity-based access for management and support activities
They are used solely to enable secure cross-tenant administration and collaboration between the customer and SoftwareOne.
Removing Foreign Principal roles is not recommended. If they are removed, SoftwareOne cannot provide any support or raise Microsoft tickets on behalf of the customer.