hands-on lab

Manage Access to Azure With Role-Based Access Control

Up to 1h 30m
Get guided in a real environment: Practice with a step-by-step scenario in a real, provisioned environment.
Learn and validate: Use validations to check your solutions every step of the way.
See results: Track your knowledge and monitor your progress.


Lab Overview

The 'principle of least privilege' states that security of resources is improved when workers only have the access they need to perform their job roles. Azure provides fine-grained role-based access control (RBAC) mechanisms to secure your cloud environment. In this Lab, you will follow the principle of least privilege for users as you manage access to Azure with RBAC. You will use Azure PowerShell to create a custom role, learn how to assign roles to users, and get tips on how to define your own custom roles.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Create custom roles using Azure PowerShell
  • Investigate user access control errors
  • Develop custom roles using the Azure Portal and PowerShell

Lab Prerequisites

You should be familiar with:

  • Basic Azure resources, such as Subnets, Virtual Machines, and Network Security Groups

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:



May 22nd, 2024 - Updated the instructions and screenshots to reflect the latest UI

May 9th, 2023 - Updated outdated screenshot

January 25th, 2022 - Modified some cmdlets due to changes resulting from the cmdlets using Microsoft Graph instead of Azure AD Graph

September 22nd, 2021 - Updated screenshots and instructions to reflect the latest UI experience

February 20th, 2020 - Added a validation check to check the work performed in the lab

February 19th, 2020 - Updated lab to use the Az PowerShell module

December 16th, 2019 - Updated VM to Windows 2019 Datacenter and resolved an issue that caused the bootstrap script to fail in one case

October 22nd, 2019 - Improved instructions related to first loading the lab PowerShell script

About the author

Logan Rakai
Lead Content Developer - Labs

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

Lab steps

Logging in to the Microsoft Azure Portal
Connecting to the Azure Virtual Machine (RDP)
Viewing the PowerShell Script
Connecting to Azure via PowerShell
Creating a Custom Role in PowerShell
Simulating the Custom Role User Experience
Finding Permissions for Custom Roles