[AOE] Fixes Azure RBAC assignments exports after Classic administrators endpoint removal

[helderpinto]

🛠️ Description

Fixes Azure RBAC assignments exports after Classic administrators endpoint removal by the Azure Resource Manager team on May 1, 2026 (see bug issue for more details).

Includes also runbook version catch-up bumps for #2099 and #2102.

Fixes #2142

📋 Checklist

🔬 How did you test this change?

• 🤏 Lint tests
• 🤞 PS -WhatIf / az validate
• 👍 Manually deployed + verified
• 💪 Unit tests
• 🙌 Integration tests

📦 Deploy to test?

• Hubs + ADX (managed)
• Hubs + Fabric (manual) — URI:
• Hubs (manual)
• Hubs (no data)
• Workbooks
• Alerts

🙋‍♀️ Do any of the following that apply?

• 🚨 This is a breaking change.
• 🤏 The change is less than 20 lines of code.

📑 Did you update docs/changelog.md?

• ✅ Updated changelog (required for dev PRs)
• ➡️ Will add log in a future PR (feature branch PRs only)
• ❎ Log not needed (small/internal change)

📖 Did you update documentation?

• ✅ Public docs in docs (required for dev)
• ✅ Public docs in docs-mslearn (required for dev)
• ✅ Internal dev docs in docs-wiki (required for dev)
• ✅ Internal dev docs in src (required for dev)
• ➡️ Will add docs in a future PR (feature branch PRs only)
• ❎ Docs not needed (small/internal change)

[Copilot]

Pull request overview

Fixes Azure Optimization Engine (AOE) RBAC assignment exports that started failing after Azure’s Classic administrators endpoint removal (May 1, 2026), by updating the RBAC export runbook and aligning deployment metadata.

Changes:

• Removed -IncludeClassicAdministrators from the RBAC export runbook’s Get-AzRoleAssignment call.
• Bumped runbook version references in the optimization engine upgrade manifest and nested deployment template.
• Added a changelog entry referencing the fix.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
src/optimization-engine/upgrade-manifest.json	Updates runbook version metadata for AOE upgrades (includes RBAC export runbook).
src/optimization-engine/runbooks/data-collection/Export-RBACAssignmentsToBlobStorage.ps1	Removes the Classic administrators switch from RBAC export collection to avoid ARM 404 failures.
src/optimization-engine/azuredeploy-nested.bicep	Updates runbook version metadata used by the nested AOE deployment template.
docs-mslearn/toolkit/changelog.md	Adds a changelog note about the RBAC export fix.

Comments suppressed due to low confidence (2)

src/optimization-engine/upgrade-manifest.json:708

• This PR only changes the RBAC export runbook, but this manifest also bumps Export-ReservationsPriceToBlobStorage.ps1 to 1.1.0.0. If that runbook/script wasn’t changed in this PR, revert this version bump (or document the reason for it and include the corresponding code changes).

        {
            "runbook": {
                "name": "runbooks/data-collection/Export-ReservationsPriceToBlobStorage.ps1",
                "version": "1.1.0.0"
            },

src/optimization-engine/azuredeploy-nested.bicep:1067

• This PR focuses on fixing RBAC exports, but this template also bumps the Price Sheet export runbook version to 1.2.0.0. If the runbook content wasn’t updated in this PR, revert the version change to avoid forcing an unnecessary upgrade (or include/explain the corresponding runbook changes).

  {
    name: priceSheetExportsRunbookName
    version: '1.2.0.0'
    description: 'Exports Price Sheet to Blob Storage using the EA or MCA APIs'
    type: 'PowerShell'
    scriptUri: uri(templateLocation, 'runbooks/data-collection/${priceSheetExportsRunbookName}.ps1')

[flanakin]

🤖 [AI][Claude Sonnet 4.6] PR Review

Summary: Clean, targeted fix that correctly removes the deprecated -IncludeClassicAdministrators flag and the associated Classic administrator endpoint call. Version bumps are consistent across the template and upgrade manifest. One minor wording nit in the changelog entry.

[RolandKrummenacher]

Review

Core fix matches the workaround in #2142 — small, targeted, correct. LGTM with two notes:

1. Dead code left behind

After removing -IncludeClassicAdministrators, the Model = "AzureClassic" branch around L109-L121 is unreachable — Get-AzRoleAssignment without that switch only returns ARM assignments, so ObjectId will always be populated. The whole branch can be deleted.

Worth confirming first: are there any downstream KQL queries / Power BI reports that filter on Model = "AzureClassic"? Those will silently drop to zero rows after this fix. Cleanup could be a follow-up PR.

2. Unrelated version bumps need a note

The PR also bumps two unrelated runbook versions in both azuredeploy-nested.bicep and upgrade-manifest.json:

• Export-PriceSheetToBlobStorage: 1.1.2.0 → 1.2.0.0
• Export-ReservationsPriceToBlobStorage: 1.0.2.0 → 1.1.0.0

The PS1 files themselves aren't touched here — the commit message clarifies these are catch-up bumps for #2099 and #2102. Two suggestions:

• Add a line to the PR description noting the catch-up so reviewers aren't confused
• The underlying changes were resilience/API updates, not new features — should these be patch bumps (1.1.3.0, 1.0.3.0) instead of minor? Minor bumps imply customer action

Changelog entry placement looks correct ✅

[helderpinto]

Worth confirming first: are there any downstream KQL queries / Power BI reports that filter on Model = "AzureClassic"? Those will silently drop to zero rows after this fix. Cleanup could be a follow-up PR.

Thank you for the review, @RolandKrummenacher. I just committed a couple of fixes. Regarding the comment above, yes, there are some workbooks/runbooks that might have logic tied to Classic assignments. This will be the subject of a follow-up PR.