This article describes some of the best practices for using Azure Active Directory role-based access control (Azure AD RBAC). These best practices are derived from our experience with Azure AD RBAC and the experiences of customers like yourself. We encourage you to also read our detailed security guidance at Securing privileged access for hybrid and cloud deployments in Azure AD.

When planning your access control strategy, it's a best practice to manage to least privilege. Least privilege means you grant your administrators exactly the permission they need to do their job. There are three aspects to consider when you assign a role to your administrators: a specific set of permissions, over a specific scope, for a specific period of time. Avoid assigning broader roles at broader scopes even if it initially seems more convenient to do so. By limiting roles and scopes, you limit what resources are at risk if the security principal is ever compromised.

Azure AD RBAC supports over 65 built-in roles. There are Azure AD roles to manage directory objects like users, groups, and applications, and also to manage Microsoft 365 services like Exchange, SharePoint, and Intune. To better understand Azure AD built-in roles, see Understand roles in Azure Active Directory. If there isn't a built-in role that meets your need, you can create your own custom roles.

Finding the right roles

Follow these steps to help you find the right role. Select Azure Active Directory > Roles and administrators to see the list of Azure AD roles. Use the Service filter to narrow down the list of roles. Refer to the Azure AD built-in roles documentation. Permissions associated with each role are listed together for better readability. To understand the structure and meaning of role permissions, see How to understand role permissions.
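The three aspects of a role assignment named above (permissions, scope, time) can be checked mechanically against an export of role assignments. The Python code below is an added example, not part of the original article or of Microsoft's tooling. It assumes records shaped like Microsoft Graph role assignment schedule instances (`principalId`, `directoryScopeId`, `endDateTime`) plus a constructed `roleName` field; the list of broad roles and the 90-day limit are assumptions to adjust per tenant.

```python
from datetime import datetime, timezone

# Assumption: roles treated as "broad" for this review; adjust to your tenant.
BROAD_ROLES = {"Global Administrator", "Privileged Role Administrator"}
MAX_DAYS = 90  # assumption: longest acceptable time-bound assignment

# Constructed sample records (not real tenant data).
SAMPLE = [
    {"principalId": "user-a", "roleName": "Global Administrator",
     "directoryScopeId": "/", "endDateTime": None},
    {"principalId": "user-b", "roleName": "User Administrator",
     "directoryScopeId": "/administrativeUnits/au-1",
     "endDateTime": "2024-03-01T00:00:00Z"},
    {"principalId": "user-c", "roleName": "Helpdesk Administrator",
     "directoryScopeId": "/", "endDateTime": "2025-01-01T00:00:00Z"},
]

def review(assignment, now):
    """Return the least-privilege findings for one assignment."""
    findings = []
    if assignment["roleName"] in BROAD_ROLES:
        findings.append("permissions: broad role")
    if assignment["directoryScopeId"] == "/":  # "/" means the whole tenant
        findings.append("scope: tenant-wide")
    end = assignment.get("endDateTime")
    if end is None:
        findings.append("time: permanent")
    else:
        expires = datetime.fromisoformat(end.replace("Z", "+00:00"))
        if (expires - now).days > MAX_DAYS:
            findings.append("time: longer than %d days" % MAX_DAYS)
    return findings

def audit(assignments, now):
    """Map principalId -> findings, most findings first."""
    report = {a["principalId"]: review(a, now) for a in assignments}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)
    for principal, findings in audit(SAMPLE, now).items():
        print(principal, findings or ["ok"])
```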