Recently i had to add custom roles to our management group and since this is not supported through the GUI i had to go through powershell.
Create the .json file first and set your management group in the assignable scope section.
{ "Name": "Start VM on Connect", "Id": null, "IsCustom": true, "Description": "Allowed starting up VMs", "Actions": [ "Microsoft.Compute/virtualMachines/start/action", "Microsoft.Compute/virtualMachines/read" ], "NotActions": [], "AssignableScopes": [ "/providers/Microsoft.Management/managementGroups/mgmt-wvd" ] }
After that, run the following command specifying the json file you setup.
New-AzRoleDefinition -InputFile C:\temp\RBAC.json
Thats it 🙂