Azure AD Roles

Question 1

Explain Azure AD roles and what they manage.

Answer 1

Azure AD roles are used to manage Azure AD resources in a directory such as create or edit users, assign administrative roles to others, reset user passwords, manage user licenses, and manage domains.

Question 2

What are a few of the more important Azure AD roles?

Answer 2

Global Administrator
User Administrator
Billing Administrator

Question 3

Are Azure AD roles and Azure roles the same? If not, how are they different?

Answer 3

At a high level, Azure roles control permissions to manage Azure resources, while Azure AD roles control permissions to manage Azure Active Directory resources.

Question 4

Of the four Security Principles (Users, Groups, Service Principles, and Managed Identity), what is the Service Principle?

Answer 4

It’s a security identity used by applications or services to access specific Azure Resources. It can be thought of as a username and password for a specific application.

Question 5

Of the four Security Principles (Users, Groups, Service Principles, and Managed Identity), what is the Managed Identity?

Answer 5

An identity in Azure Active Directory that is automatically managed by Azure. Typically used in developing cloud applications to handle credential management.

Question 6

What are the PowerShell commands to set up a new Role assignment and to pull information on existing ones?

What is the PowerShell deny assignment command?

Answer 6

New-AzRoleAssignment
Get-AzRoleAssignment

Get-AzDenyAssignment

Question 7

What are a couple of the primary PowerShell commands used when creating a custom role in Azure?

Answer 7

Get-AzRoleDefinition

New-AzRoleDefinition