How to Authorize MCIT Support Temporary Access to your Azure Subscription

This guide will show you how to authorize access for MCIT to provide temporary support.

Please Follow Both Step One and then Step Two,

Step One: Create Azure AD account & Assign Access

As this one is more complex than the usual support issues we have to manually investigate. The common reason for this is that our access has been blocked.

Log into then go to "azure active directory" and add a new user called "mcitazuresupport@<your azure AD domain>.

Make the user a global administrator under “roles” in Azure Active Directory. 

Share the full username (UPN) and password with MCIT. We will change the password as soon as we log in.

Step Two: Grant Access to the Subscription for the new Account

  1. Sign in to with your owner/administrator account

  2. In the search bar type: Subscriptions then click Subscriptions
    Azure Subscription

  3. Click on the only subscription or if more than one is listed click on the one that has the MCIT deployment
  4. Click “Access control (IAM)” then click “Add a role assignment”
    Access Control
  5. Select “Owner” for the Role field

  6. Select “Azure AD user, group, or service principal” for the Assign access to the field
  7. Find the user named “mcitazuresupport” in the list and select it
    Add Role Assignment

  8. Down the bottom of this role assignment box click on Save

Appendix A: Revoke Access (optional)

  1. Type “users” in the Azure portal search and go to users.
  2. Select the “mcitazuresupport” user
  3. Click the “edit” button above “block sign in”
    MCIT Support

  4. Click “Yes” on the block sign in button and then Save up the top of the page.

If you have any questions about this configuration, please contact us at