Identity and access management
Design Area Overview
Identity provides the basis for a wide variety of security assurances. It grants access based on identity authentication and authorization controls in cloud services. Access control protects data and resources and helps determine which requests should be permitted.
Identity and access management helps secure the internal and external boundaries of a public cloud environment. It’s the foundation of any secure and fully compliant public cloud architecture.
RBAC
Understand the difference between Microsoft Entra ID roles and Azure RBAC roles.
Microsoft Entra ID roles control the administrative privileges to tenant-wide services such as Microsoft Entra ID, and other Microsoft services including Microsoft Teams, Microsoft Exchange Online, and Microsoft Intune.
Azure RBAC roles control the administrative privileges to Azure resources such as virtual machines, subscriptions, and resource groups.
The Azure RBAC Owner and User Access Administrator roles can modify the role assignments on Azure resources. By default, the Microsoft Entra Global Administrator role doesn’t have permission to manage access to Azure resources. It must be explicitly enabled. For more information, see Elevate access to manage all Azure subscriptions and management groups.
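An added example, not part of the original page or of Microsoft's documentation: a Python audit that takes role assignments in the shape of `az role assignment list --all --output json` and lists the principals holding Owner or User Access Administrator, broadest scope first. The sample records are constructed, and flagging a User Access Administrator assignment at root scope (`/`) as elevated access is an assumption about how elevation shows up in that listing.

```python
import json

# The two built-in Azure RBAC roles the page names as able to modify role assignments.
MANAGING_ROLES = {"Owner", "User Access Administrator"}
LEVELS = ["root", "management-group", "subscription", "resource-group", "resource"]

# Constructed sample shaped like `az role assignment list --all --output json`
# (only the fields used below; principals and IDs are made up).
SAMPLE = json.loads("""[
 {"principalName": "alice@contoso.example", "roleDefinitionName": "User Access Administrator",
  "scope": "/"},
 {"principalName": "bob@contoso.example", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "ci-deployer", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"},
 {"principalName": "carol@contoso.example", "roleDefinitionName": "Owner",
  "scope": "/providers/Microsoft.Management/managementGroups/mg-platform"}
]""")

def scope_level(scope):
    """Classify an Azure scope string by how much of the hierarchy it covers."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management-group"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if parts[0] == "subscriptions" and len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    return "resource"

def audit(assignments):
    """Return principals that can change role assignments, broadest scope first."""
    findings = []
    for a in assignments:
        role = a["roleDefinitionName"]
        if role not in MANAGING_ROLES:
            continue
        level = scope_level(a["scope"])
        findings.append({
            "principal": a["principalName"], "role": role, "level": level,
            # Assumption: elevated access appears as User Access Administrator at "/".
            "elevated_access": level == "root" and role == "User Access Administrator",
        })
    return sorted(findings, key=lambda f: LEVELS.index(f["level"]))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Custom roles that carry the `Microsoft.Authorization/roleAssignments/write` permission can also change assignments and are not covered by this name-based check.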
