How to Create Groups, Users and Assign Roles in Azure.

Azure Role-Based Access Control (Azure RBAC) offers a variety of default roles that can be assigned to users, groups, service principals, and managed identities to govern access to Azure resources.

Azure AD roles are responsible for managing Azure AD resources, such as groups, users, usernames, and passwords.

Azure roles, on the other hand, are responsible for defining what actions can be performed on actual resources deployed in Azure, such as virtual machines and Azure Blob Storage. It's important to distinguish between these two types of roles to maintain proper security and governance within an organization's Azure environment.

OBJECTIVES
In this blog, we will have four objectives that are categorized into different sections. The objectives are as follows:

Section A - Create an admin department and add two users, A and B.

Section B - Assign the global administrator role to user A.

Section C - Explain how user A can log into the Azure portal with their new credentials.

Section D - Let the global administrator onboard a new member to the Admin department.

Let's begin by following the steps outlined in Section A.

Section A

1. On the Azure home page, click on the search bar and enter Microsoft Entra ID.

2. a) Open Microsoft Entra ID
b) Click on Groups, then click on Add

3. a) Select Security as the group type from the drop-down
b) Give your group a name
c) Briefly describe what your group is about
d) Click on Create

4. Once the group has been created
a) Click on the admin department to display the details of the group you have just created.

Create users (A and B)

Create user A

1. On the overview page, click on Users.

2. a) Click on New user
b) Click on Create new user

3. a) Enter the user principal name for user A
b) Enter the mail nickname
c) Enter the display name
d) Choose a password or select auto-generate password
e) Click on Next: Properties >

4. a) Enter the user's first and last name
b) Select Member as the user type
c) Enter job information for user A
d) Enter contact information, then click Next: Assignments >

5. a) Leave the Assignments section on default
b) Click on Review + create

6. a) User A with the name Chris Thomas has been created and added to the Users section.
b) Click on Chris Thomas to show user A's details.

7. User A's company email address has been issued.

Create user B

1. On the overview page, click on Users.

2. a) Click on New user
b) Click on Create new user

3. a) Enter a user principal name for user B
b) Enter a mail nickname
c) Enter a display name
d) Enter a password or select auto-generate password
e) Click on Next: Properties >

4. a) Enter the user's first and last name
b) Select Member as the user type
c) Enter job information for user B
d) Enter contact information, then click Next: Assignments >

5. a) Leave the Assignments section on default
b) Click on Review + create

6. a) User B with the name Gary Owen has been created and added to the Users section.
b) Click on Gary Owen to show user B's details.

7. User B's company email address has been issued.

Section B
Assign the Global Administrator role to user A

1. On the overview page, click on Users

2. Click on Chris Thomas (user A)

3. a) Click on Assigned roles
b) Click on Add assignments

4. a) Click on the search bar and type Global Administrator
b) Select the Global Administrator checkbox, then click on Add

Section C
Show all the steps it took user A (Chris Thomas) to log into the Azure portal with his new credentials

1. a) In the user A section, copy the assigned company email address
b) Open a new page to log in to the Azure portal
c) Paste the assigned email address and click Next
d) Enter the password you chose or the auto-generated password, then click Sign in
e) User A is now signed in to his Azure portal with his new credentials

Section D
Let the global administrator onboard a new member to the Admin department

1. a) Go to user A's Azure portal
b) Click on the search bar, then type Microsoft Entra ID

2. a) On the Microsoft Entra ID overview, click on Users
b) Click on Create new user

3. a) Enter a user principal name for the new member
b) Enter a mail nickname
c) Enter a display name
d) Enter a password or select auto-generate password
e) Click on Next: Properties >

4. a) Enter the user's first and last name
b) Select Member as the user type
c) Enter job information for the new member
d) Enter contact information, then click Next: Assignments >

5. a) Leave the Assignments section on default
b) Click on Review + create

6. a) A new member with the name Betty Johnson has been created and added to the Users section
b) Click on Betty Johnson to show the new member's assigned company email address

7. Go to the Microsoft Entra ID overview section, then click on Groups

8. Click on admin department

9. Click on Members

10. a) Click on Add members
b) Select the new user with the name Betty Johnson, then click Select

11. We have successfully added Betty Johnson to the Admin department.
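The portal steps in Sections A, B and D can also be scripted. The following is an added example, not part of the original tutorial: it assumes the Microsoft Graph PowerShell SDK is installed, and the domain `contoso.onmicrosoft.com`, the mail nicknames and the helper names `New-TempPassword` and `New-DeptUser` are placeholders chosen here. It finishes by listing every principal that holds Global Administrator, so the assignment from Section B can be reviewed.

```powershell
# Added example (not from the tutorial). Requires the Microsoft.Graph module.
# $Domain and the mail nicknames are placeholders; use your tenant's values.
$Domain = 'contoso.onmicrosoft.com'
Connect-MgGraph -Scopes 'User.ReadWrite.All','Group.ReadWrite.All','RoleManagement.ReadWrite.Directory'

function New-TempPassword {
    # 18 bytes from the OS CSPRNG; the suffix guarantees upper, lower, digit and symbol.
    $bytes = New-Object byte[] 18
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    [Convert]::ToBase64String($bytes) + 'aA1!'
}

function New-DeptUser([string]$Given, [string]$Surname) {
    $nick = "$Given.$Surname".ToLower()
    $pw   = New-TempPassword
    $user = New-MgUser -DisplayName "$Given $Surname" -GivenName $Given -Surname $Surname `
        -MailNickname $nick -UserPrincipalName "$nick@$Domain" -UserType Member `
        -AccountEnabled -PasswordProfile @{ Password = $pw; ForceChangePasswordNextSignIn = $true }
    # The temporary password is returned once so it can be handed over out of band.
    [pscustomobject]@{ Id = $user.Id; Upn = $user.UserPrincipalName; TempPassword = $pw }
}

# Section A: security group, then users A and B (added as members, per the stated objective).
$group = New-MgGroup -DisplayName 'Admin department' -Description 'Admin department' `
    -MailEnabled:$false -MailNickname 'admin-department' -SecurityEnabled
$userA = New-DeptUser 'Chris' 'Thomas'
$userB = New-DeptUser 'Gary' 'Owen'
foreach ($u in $userA, $userB) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $u.Id
}

# Section B: Global Administrator is a directory role, assigned at tenant scope '/'.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $userA.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId '/' | Out-Null

# Section D: onboard the new member and add her to the group.
$betty = New-DeptUser 'Betty' 'Johnson'
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $betty.Id

# Check: list every principal that currently holds Global Administrator.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'" |
    Select-Object PrincipalId, DirectoryScopeId
```

Each user must change the temporary password at first sign-in because `ForceChangePasswordNextSignIn` is set; the generated values exist only in `$userA`, `$userB` and `$betty` for the lifetime of the session.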

I hope this step-by-step tutorial helps you understand how to manage Azure resources and assign roles. Thank you.