Manage Access to Azure With Role-Based Access Control


65 students completed the lab in ~36m

Total available time: 1h:0m

14 students rated this lab!

Lab Overview

The 'principle of least privilege' states that security of resources is improved when workers only have the access they need to perform their job roles. Azure provides fine-grained role-based access control (RBAC) mechanisms to secure your cloud environment. In this Lab, you will follow the principle of least privilege for users as you manage access to Azure with RBAC. You will use Azure PowerShell to create a custom role, learn how to assign roles to users, and get tips on how to define your own custom roles.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Create custom roles using Azure PowerShell
  • Investigate user access control errors
  • Develop custom roles using the Azure Portal and PowerShell

Lab Prerequisites

You should be familiar with:

  • Basic Azure resources, such as Subnets, Virtual Machines, and Network Security Groups

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Follow these steps to learn by building helpful cloud resources

Logging into the Microsoft Azure portal

Begin the Lab by logging into the Microsoft Azure portal

Connecting to the Virtual Machine (RDP)

Connect to the Windows virtual machine using Remote Desktop Protocol (RDP) software

Viewing the PowerShell Script

Open the PowerShell script in the PowerShell Integrated Scripting Environment (ISE)

Connecting to Azure via PowerShell

Connect to your Azure account via PowerShell

Creating a Custom Role in PowerShell

Step through the provided custom RBAC PowerShell creation script

Simulating the Custom Role User Experience

Observe the Azure Portal experience of a user with the custom role assigned

Finding Permissions for Custom Roles

Use PowerShell and the Azure Portal to find operations for custom roles