Microsoft Entra ID

Azure RBAC

Description

An identity and access management service that helps you access internal and external resources.

An authorization system that manages user’s access to Azure resources including what they can do with those resources and what areas they can access.

Focus

Grants permissions to manage access to Microsoft Entra resources.

Grants permissions to manage access to Azure resources.

Scope

Tenant level

Specify at multiple levels (management group, subscription, resource group, and resource)

Roles

   Important Microsoft Entra built-in roles:

1.  Global Administrator – manage access to all the administrative features in Microsoft Entra ID.

2.  User Administrator – create and manage different types of users and groups in Azure.

3. Billing Administrator – it can manage subscriptions, support tickets, make purchases, and monitor service health.

   Supports custom roles.

   You can assign multiple roles on a user.

   Fundamental Azure RBAC built-in roles:

1. Owner – full access to all Azure resources.

2. Contributor – create and manage all types of resources in Azure.

3. Reader – a user with this role can only view Azure resources

4. User Access Administrator – it has permissions to manage user access to all types of resources.

   Supports custom roles in P1 and P2 licenses.

   You can assign multiple roles on a user.

Role information

You can access the role information in the Azure Portal, Microsoft Entra admin center, Microsoft 365 admin center, Microsoft Graph, and Microsoft Graph PowerShell.

You can access the role information in the Azure Portal, CLI, PowerShell, Resource Manager templates, and REST API.

Pricing

Microsoft Entra has three editions: Free, P1, and  P2. For the P1 and P2 licenses, you are charged on a monthly basis.

Azure RBAC is free and included in your Azure subscription.