AZ-104 Azure RBAC - Understanding Roles in Azure

Manage RBAC

Describing RBAC
Describing Azure Roles
Describing Azure AD Roles
Azure Roles vs Azure AD Roles
RBAC Architecture

Describing RBAC

"Who can do what, where, who what and where"

Describing Azure Roles

Owner: Full access to resources and delegates access to other users
Reader: Provides the ability to view sources, cannot perform actions on resources
contributor: Can create and manage resources
User Access Administrator: Can delegate access to resources

Describing Azure Entra ID Roles

Special set of roles for providing access to manage identity objects inside our azure tenant, to manage user application or devices not resources.
Global Administrator: Provide access to manage AD Resources
Billing Administrator: Perform billing tasks
User Administrator: Can manage users and groups inside Azure Entra ID Tenant
Helpdesk Administrator: perform password resets if SSPR is not enabled.

Microsoft Entra and Azure roles

Microsoft Entra roles and Azure roles are often confused when you first work with Azure. Microsoft Entra roles provide the mechanism for managing permissions to Microsoft Entra resources, like user accounts and passwords. Azure roles provide a wealth of capabilities for managing Azure resources like virtual machines (VMs) at a granular level.

Azure Roles	Microsoft Entra ID Roles
Manage access to Azure resources like VMs, storage, networks, and more	Manage access to Microsoft Entra resources like user accounts and passwords
Multiple scope levels (management group, subscription, resource group, resource)	Scope only at tenant level
Role information accessible through Azure portal, Azure CLI, Azure PowerShell, Azure Resource Manager templates, REST API	Role information accessible in Azure admin portal, Microsoft 365 admin center, Microsoft Graph, Microsoft Graph PowerShell

Azure Roles	Azure Entra ID Roles
Manage access to Azure resources	Manage access to Azure AD Resources at tenant
Scope can be at multiple levels	Scope is at tenant level
Support custom roles	Support custom roles
Main roles: Owner Contributor Reader User Access Administrator	Main roles: Global Administrator User Administrator Billing Administrator

Azure Roles	Azure Entra ID Roles
Control access to azure resources, VMs, Virtual Networks	Control Access to Azure AD REsources, user objects, group devices, ad features
Referred to as Azure RBAC	Built in roles
Built in roles	Custom roles
custom roles	Scope at Azure AD Tenant level, provide access for user that exist inside of our Azure Entra ID tenants to perform administrative functions inside of the tenant itself
Scope at management groups subscription groups resource groups and resources using identities that exist inside our azure AD Tenant

Azure Entra ID Mindmap

Azure Youtube Videos

AZ-104 - Administration - Azure Resource Manager

AZ-104 - Administration - Azure Portal and Cloud Shell Basics

AZ-104 - Administration - Azure CLI and Powershell

AZ-104 - Administration - Azure ARM Templates

AZ-104 - Governance and Compliance - Managing Subscriptions

AZ-104 - Governance and Compliance - Using management groups

AZ-104 - Governance and Compliance - Understanding Azure Policy

AZ-104 - Governance and Compliance - Tagging Resources

AZ-104 - Governance and Compliance - LAB Add Remove Tags

AZ-104 - Governance and Compliance - Locking and Moving Resources

AZ-104 - Governance and Compliance - Managing Azure Costs

AZ-104 - Governance and Compliance - Building a cloud governance strategy wth Azure tooling

AZ-104 Azure Identity - Conceptualizing Entra ID (Azure Active Directory)

AZ-104 Azure Identity - Managing Tenants

AZ-104 Azure Identity - Creating and Managing Users

AZ-104 Azure Identity - LAB Create and Manage Microsoft Entra ID Users in the Portal

AZ-104 Azure Identity - LAB Perform Bulk Microsof Entra ID Operations in the Portal

AZ-104 Azure Identity - Creating and Managing Groups

AZ-104 Azure Identity - Creating Administrative Units

AZ-104 Azure Identity - Configuring SSPR (self serfice password reset)

AZ-104 Azure Identity - Azure Entra ID Device Management

AZ-104 Azure RBAC - Understanding Roles in Azure

AZ-104 Azure RBAC - Assigning access to resources

AZ-104 Azure RBAC - LAB Using service Principal Identity to List AD Roles

AZ-104 Azure RBAC - Creating custom roles

AZ-104 Azure - Storage Accounts

AZ-104 Azure - Conceptualizing Azure Blog Storage

AZ-104 Azure - Configuring blob object replication

AZ-104 Azure - Configuring Blob Lifecycle Management

AZ-104 Azure RBAC - Understanding Roles in Azure

Describing RBAC

Microsoft Entra and Azure roles

No Comments