Assigning Roles with Azure AD
Start course

This Managing Azure AD User Roles course will teach you how to plan user roles in Microsoft 365 and how to allocate roles in workloads. You will learn how to configure administrative accounts and how to configure RBAC within Azure AD. You'll also learn how to delegate and manage admin roles.

Later in the course, you will learn how to manage role allocations by using Azure AD and how to plan security and compliance roles for Microsoft 365.

Learning Objectives

  • Plan and Allocate User Roles
  • Configure Role-Based Access (RBAC)
  • Delegate and Manage Admin Access
  • Plan Security and Compliance Roles

Intended Audience

  • IT professionals who are interested in obtaining Microsoft 365 certification
  • Those tasked with configuring and managing Office 365 access


  • A moderate understanding of Microsoft 365 and of Azure AD

When you're assigning roles with Azure AD, the most common way to assign those roles is to use the directory role page for a user. What we're going to do here is assign a role to one of our users in Azure AD. To do so, I've logged into my Azure portal here which you can see on your screen. 

To begin the role assignment process, what I'm going to do is select Azure Active Directory here on the left-hand side. Once I'm in the Overview page for my Azure Active Directory, what I can do is select Users. From the Users pane, I'm going to have all of the users in my Active Directory listed here. Now, what I wanna do is in this demonstration, I'm going to assign JoeyKnish a directory role. So what we'll do here is we'll select JoeyKnish from our Azure Active Directory here. 

Now, from here we can see all of the details regarding JoeyKnish. If we select Directory role here on the left side under Manage, we can see what existing roles are assigned to the JoeyKnish account. As you can see here on the screen, I have nothing assigned to this user yet. To assign a role to JoeyKnish, I simply click the Add assignment link up here, or button, whichever you wanna call it. And from here, I have a list of all of the directory roles at are available to me that I can assign to JoeyKnish. We can make him an Application administrator, a Cloud device admin, Compliance admin. You name it. As you can see here, there are quite a few roles that are available to me that I can assign to JoeyKnish. 

And of course, with each role comes a different set of access permissions. What I'm going to do here is assign JoeyKnish the user administrator directory role. So I select the role and then click Select. It's really that simple. Removing the assignment is as simple as checking the box next to the assignment and then clicking Remove. We'll be asked to confirm, we go ahead and click Yes and then from here we can see that the assignment is no longer in effect for JoeyKnish. 

And that, my friend is how you manage role allocations by using Azure AD.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.