fbpx Skip to content

Azure AD Role Based Access Control

To control permissions for Azure AD resource management, you use Azure AD roles. In the real world, for example, you’ll have users who are responsible only for creating and managing user accounts, you’ll have users who are responsible only for managing billing information, and you’ll have users responsible for many other tasks. To support these requirements, Azure AD provide built-in roles and custom roles.


In this lecture, you are introduced to the concept of Role-Based Access Control (RBAC) within Azure Active Directory (Azure AD). The focus is on managing permissions and providing appropriate access to users based on their roles within an organization. Key topics include the differentiation between built-in roles and custom roles in Azure AD, and how these roles are used to control access to resources.

The lecture covers the importance of built-in roles such as the Global Administrator, User Administrator, and Billing Administrator, each with specific privileges. For instance, a Global Administrator has access to all administrative features in Azure AD, while a User Administrator has control over users and groups, and a Billing Administrator manages financial aspects.

Additionally, you will learn about creating custom roles for situations where the built-in roles do not meet the specific needs of the organization. The process involves creating a custom role definition with a collection of permissions and then assigning it to a user. This two-step process allows for granular control over permissions at either an organization-wide scope or at an object scope, such as a single application.

The lecture also explains that to use custom roles, an Azure AD Premium P1 or P2 license is necessary. Furthermore, it highlights the use of RBAC in environments where privileged identity management is enabled, offering the option between eligible assignments, which require the user to take an action to use the role, and active assignments, where the user has the role’s privileges at all times without additional actions.

This comprehensive overview equips you with the understanding of how to manage and assign roles within Azure AD to ensure proper security and functionality in managing Azure AD resources.

© 2023 Thomas J Mitchell / TomTeachesIT