
RBAC and Resource Policies




Exam Prep 70-533: Implementing Microsoft Azure Infrastructure Solutions

The purpose of this course is to help prepare you for the Microsoft Azure 70-533 Exam. It focuses on key points meant to fill in the learning gaps for those who already have a foundational knowledge of Microsoft Azure.

What You'll Learn in this Exam Prep 70-533

| Lesson | What you'll learn |
| --- | --- |
| Overview of the Course | Overview of the course and the Learning Objectives |
| About the 70-533 Exam | Learn about the exam, its objectives, and certification paths |
| Design and Implement Azure App Service Apps | Discuss App Service Plans and Web Apps |
| Create and Manage ARM Virtual Machines | Understand ARM VMs, pricing, resiliency and configuration limits |
| Design and Implement a Storage Strategy | Learn to Implement Azure Storage, SQL Databases, and Recovery Services |
| Implement an Azure Active Directory | Discuss Azure AD, tools, App integration, and monitoring |
| Implement Virtual Networks | Learn about Azure networking and cross-site connectivity |
| Design and Deploy ARM Templates | Learn about ARM Templates and Deployment options |
| Summary | Course summary including Exam Tips and Tricks |



Role-Based Access Control, or RBAC, allows you to assign roles that limit the scope of user access to Azure resources. This is similar to service principals in Active Directory, which assign users to certain Administrator Groups and sub-administrator groups using the principle of least privilege. Azure has the same thing: it comes with certain built-in roles and allows you to define your own custom RBAC roles, specifying what a user can and cannot do with particular resources.

Resource policies enable you to establish conventions for resources in your organization. By defining conventions, you can control costs and more easily manage your resources. For example, you can specify that only certain types of virtual machines are allowed, or restrict the locations in which the resources can be provisioned. Policies are inherited by all child resources. So, if a policy is applied to a resource group, it is applicable to all the resources in that resource group.

The important takeaways here are the differences between RBAC and Resource Policies. RBAC focuses on user actions at different scopes, while Resource Policies focus on the properties of a resource itself. Unlike RBAC, policy is a default-allow and explicit-deny system. To use Resource Policies, you must have the policydefinitions write permission to define a policy and the policyassignments write permission to assign a policy, as shown here.

I want to show you an example of a Policy definition, which has a Parameter, Condition, Effect structure. Here the parameters specify an allowed location, and we have a conditional if-not-then expression followed by the effect, which is simply to deny. This reads: if the location is not part of the list of allowed locations, then deny the resource from being provisioned. Other effects include audit and append.
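The definition described above, written out as an added example (it is not the course's slide and not Microsoft's code). The JSON uses Azure's policy definition keys; the small evaluator, its function names, and the sample locations and resources are constructed for illustration and handle only the `not`, `field` and `in` conditions.

```python
import copy
import json
import re

# Definition in the parameter / condition / effect shape (Azure policy JSON keys).
DEFINITION = json.loads("""
{
  "parameters": {"allowedLocations": {"type": "Array"}},
  "policyRule": {
    "if": {"not": {"field": "location", "in": "[parameters('allowedLocations')]"}},
    "then": {"effect": "deny"}
  }
}
""")
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, assigned):
    """Swap a [parameters('name')] reference for the value supplied at assignment."""
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    return assigned[m.group(1)] if m else value

def matches(cond, resource, assigned):
    """Evaluate the two condition forms this rule uses: 'not' and 'field' + 'in'."""
    if "not" in cond:
        return not matches(cond["not"], resource, assigned)
    if "field" in cond and "in" in cond:
        return resource.get(cond["field"]) in resolve(cond["in"], assigned)
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(definition, assigned, resource):
    """Return the rule's effect when 'if' matches; otherwise 'allow' (default allow)."""
    rule = definition["policyRule"]
    return rule["then"]["effect"] if matches(rule["if"], resource, assigned) else "allow"

def with_effect(definition, effect):
    """Copy of the definition with a different effect, e.g. 'audit' instead of 'deny'."""
    changed = copy.deepcopy(definition)
    changed["policyRule"]["then"]["effect"] = effect
    return changed

# Constructed sample data: one assignment and two resource requests.
ASSIGNED = {"allowedLocations": ["eastus", "westus2"]}
IN_REGION = {"type": "Microsoft.Compute/virtualMachines", "location": "eastus"}
OUT_OF_REGION = {"type": "Microsoft.Compute/virtualMachines", "location": "northeurope"}

if __name__ == "__main__":
    for res in (IN_REGION, OUT_OF_REGION):
        print(res["location"], "->", evaluate(DEFINITION, ASSIGNED, res))
    print("audit mode ->", evaluate(with_effect(DEFINITION, "audit"), ASSIGNED, OUT_OF_REGION))
```

Switching the effect to audit is a common way to see which existing resources a location restriction would block before enforcing it with deny.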

About the Author


Chris has over 15 years of experience working with top IT Enterprise businesses.  Having worked at Google helping to launch Gmail, YouTube, Maps and more and most recently at Microsoft working directly with Microsoft Azure for both Commercial and Public Sectors, Chris brings a wealth of knowledge and experience to the team in architecting complex solutions and advanced troubleshooting techniques.  He holds several Microsoft Certifications including Azure Certifications.

In his spare time, Chris enjoys movies, gaming, outdoor activities, and Brazilian Jiu-Jitsu.