What is RBAC
Start course

This Managing Azure AD User Roles course will teach you how to plan user roles in Microsoft 365 and how to allocate roles in workloads. You will learn how to configure administrative accounts and how to configure RBAC within Azure AD. You'll also learn how to delegate and manage admin roles.

Later in the course, you will learn how to manage role allocations by using Azure AD and how to plan security and compliance roles for Microsoft 365.

Learning Objectives

  • Plan and Allocate User Roles
  • Configure Role-Based Access (RBAC)
  • Delegate and Manage Admin Access
  • Plan Security and Compliance Roles

Intended Audience

  • IT professionals who are interested in obtaining Microsoft 365 certification
  • Those tasked with configuring and managing Office 365 access


  • A moderate understanding of Microsoft 365 and of Azure AD

Just as it is with on-prem environments, a coherent access management solution is critical to protecting Azure resources. Role-Based Access Control or RBAC offers the ability to manage which users have access to which resources. It also allows you to control what users can do with the resources that they have access to as well as what areas in Azure that they have access to. 

RBAC is Azure's built-in authorization system and it provides fine-grained access management of Azure resources. So what exactly can you do with RBAC? Well, for one, you can allow certain users to manage only virtual machines within a subscription while allowing other users to manage only virtual networks. Another case would be a scenario where you allow your DBAs to manage SQL databases in your Azure subscription but nothing else. In a broader use case scenario, you might want to allow a certain group of users to manage all resources contained within a specific resource group. Another example would be a scenario where you need to allow a specific application to access the resources within a specific resource group. So as you can see, there are quite a few things that are made possible through the use of RBAC. 

By separating duties via RBAC, you can grant only the specific access that users need to perform their jobs. Gone are the days where you need to grant a person unrestricted permissions when all that person needs is a subset of those permissions. As part of any good access control strategy, you should always grant users the least privileges they need to get their work done. RBAC controls access to resources through the enforcement of role assignments. These role assignments are how permissions are enforced. 

It's important to note that each role assignment consists of three elements. These elements include a security principal, a role definition and a scope. In the next lesson, we'll talk about these elements a little more in detail.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.