About Azure AD

Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory and identity management service. For an organization, Azure AD helps employees sign up to multiple services and access them anywhere over the cloud with a single set of login credentials.

Azure AD Roles

Setting up roles allows employees to have access to the information required to fulfill their responsibilities. Access rights and permissions are given to employees based on their job roles and designations. This helps protect business-critical data against misuse.

Azure Active Directory provides two types of role-based access controls:

  1. Built-in roles: Azure AD supports many built-in roles. However, each role includes a fixed set of permissions that cannot be modified.
  2. Custom roles: Azure AD also supports custom roles, each made up of a collection of permissions that can be modified to suit the role. Granting permissions using custom roles is a two-step process. It involves creating a custom Azure AD role and assigning the permissions from a preset list. A custom role can be assigned at the organization level or at object scope. A member assigned the role at the organization level has access to all of the organization’s resources, while object-scope permissions are limited to a single application.
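The built-in/custom and organization/object-scope distinctions above can be checked mechanically when reviewing role assignments. The following is an added example, not code from this page or from Microsoft: it assumes records shaped like Microsoft Graph `unifiedRoleDefinition` and `unifiedRoleAssignment` objects, and the sample IDs, the custom role name, and the `needs_review` rule are constructed for illustration.

```python
# Constructed sample data shaped like Microsoft Graph unifiedRoleDefinition
# and unifiedRoleAssignment objects. Every ID and the custom role are made up.
ROLE_DEFINITIONS = [
    {"id": "def-builtin-1", "displayName": "Application Administrator",
     "isBuiltIn": True, "rolePermissions": []},  # permissions omitted for brevity
    {"id": "def-custom-1", "displayName": "App Credential Manager",
     "isBuiltIn": False, "rolePermissions": [{"allowedResourceActions": [
         "microsoft.directory/applications/credentials/update"]}]},
]
ROLE_ASSIGNMENTS = [
    {"principalId": "user-alice", "roleDefinitionId": "def-builtin-1", "directoryScopeId": "/"},
    {"principalId": "user-bob", "roleDefinitionId": "def-custom-1", "directoryScopeId": "/"},
    {"principalId": "user-carol", "roleDefinitionId": "def-custom-1",
     "directoryScopeId": "/app-object-1"},
    {"principalId": "user-dave", "roleDefinitionId": "def-deleted", "directoryScopeId": "/"},
]


def scope_of(directory_scope_id):
    """'/' covers the whole organization; any other value names a single object."""
    return "organization" if directory_scope_id == "/" else "object"


def review_assignments(definitions, assignments):
    """Label each assignment built-in/custom and organization/object scoped."""
    by_id = {d["id"]: d for d in definitions}
    report = []
    for a in assignments:
        role = by_id.get(a["roleDefinitionId"])
        scope = scope_of(a["directoryScopeId"])
        if role is None:  # assignment references a definition we were not given
            kind, name, actions = "unknown", a["roleDefinitionId"], []
        else:
            kind = "built-in" if role["isBuiltIn"] else "custom"
            name = role["displayName"]
            actions = sorted({act for p in role["rolePermissions"]
                              for act in p["allowedResourceActions"]})
        report.append({
            "principal": a["principalId"], "role": name, "kind": kind, "scope": scope,
            "target": None if scope == "organization" else a["directoryScopeId"].lstrip("/"),
            "actions": actions,
            # Assumed review rule: a custom role held organization-wide could
            # perhaps be narrowed to object scope; unknown roles need a look too.
            "needs_review": kind == "unknown" or (kind == "custom" and scope == "organization"),
        })
    return report


if __name__ == "__main__":
    for row in review_assignments(ROLE_DEFINITIONS, ROLE_ASSIGNMENTS):
        print(row)
```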


WHAT ARE SOME PROBLEMS WITH AD ROLES?
