Manage / debug virtual machines on someone elses azure subscription

Question

I have two users, A and B. Both users have azure subscriptions. User A creates a VM, running some software, but wants to grant User B access to administer / debug this virtual machine.

Weve added User B as an owner of the virtual machine on User A's subcription, but they are not able to see the virtual machine.

1. Is there a way of doing this?
2. If there is, are we going about it the right way?

Answer 1

Is there a way of doing this?

Yes, we can do this, we can invite user B to manager user A resource group.

are we going about it the right way?

We can do it via Azure portal.

1.Invite a guest via Azure portal, like this:

After that completed, Azure will send a email to that email address, user B should accept it, then we can find user B add to your Azure AD users list.

2.Grant resource group permission to this account,like this:

After that, user B reload Azure portal, then will find another directory in his portal, we can change it via portal. change to that directory, user B will find the resource group.

We can change another directory via Azure portal like this:

In this way, we can share an Azure resource group to another user out of your Azure AD.

About Azure built-in roles, please refer to this article.

By the way, as Peter said, we can't use user B account to login your Azure VM.

Answer 2

Don't try and administer the virtual machine using the web console. Get User A to provide the IP address they're using to log onto the machine to user B. Make sure that user B has an account on the virtual machine, and connect to that machine via RDP (username/password) or ssh (certificate/key) depending on your flavour.

RBAC manages authorization for Azure only, not the machines created within Azure.