AZ-104 Microsoft Azure Administrator Exam
You're a great admin... on-prem. Now, become a great admin in the cloud and prove it by passing the Microsoft Certified: Azure Administrator Associate exam!

Manage built-in Azure roles
Identify and Assign Built-in Azure Roles
Understanding Azure Roles
Azure roles are predefined sets of permissions that allow users to manage Azure resources. These roles play a crucial role in maintaining security and governance within the Azure environment, ensuring that users only have the access they need to perform their tasks effectively.
Built-in Roles
Built-in roles are predefined by Microsoft and come with a fixed set of permissions tailored to common tasks and responsibilities. These roles ensure standardization across organizations and ease the management of permission assignments. Examples include:
- Owner: Provides full access to all resources, including the authority to delegate access to other users. This role is ideal for administrators who need to oversee resource management comprehensively.
- Contributor: Enables users to create and manage all types of Azure resources yet restricts them from granting access to others. This role is suitable for individuals actively developing or managing resources.
- Reader: Allows users to view existing Azure resources without making any modifications. This role suits stakeholders who need insight into operations but do not require edit capabilities.
Role Assignment
A role assignment links a role definition to a user, group, or service principal at a specific scope, which gives precise control over access permissions. The scope can be:
- Subscription: Offers comprehensive access across all resources within the subscription.
- Resource Group: Grants access confined to resources within a specific group.
- Resource: Provides targeted access to single, specific resources.
Security Principal
A security principal is essentially an identity that can be assigned a role within Azure. There are several types of security principals, including:
- User: Refers to an individual with a user profile in Azure Active Directory.
- Group: Consists of a collection of users managed as a single entity for simplified access control.
- Service Principal: An identity created specifically for applications, hosted services, and automated tools to interact with Azure resources securely.
Assigning Roles
To properly assign a role within Azure, consider the following steps:
- Select the Scope: Choose the appropriate subscription, resource group, or individual resource for role assignment, ensuring alignment with organizational needs.
- Choose the Role: Review built-in roles and select one that matches the permission requirements for the task or responsibility.
- Assign to Principal: Specify the user, group, or service principal that will receive the role assignment, facilitating orderly access management.
Managing Access
Effective management of role assignments involves regular reviews and updates. This ensures users maintain appropriate access levels relative to their current needs, promoting security and compliance within the Azure environment.
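The following is an added example, not part of the original study guide: a small review script that classifies each assignment's scope and lists the ones worth re-checking. It assumes input in the shape of `az role assignment list --all --output json`; the sample data, the placeholder subscription ID and the two review rules are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az role assignment list --all --output json`,
# trimmed to the fields used below. The subscription ID and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
SAMPLE = json.dumps([
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "platform-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "bob@example.com", "principalType": "User", "roleDefinitionName": "Reader",
     "scope": RG + "/providers/Microsoft.Storage/storageAccounts/stapp01"},
])

def scope_level(scope):
    """Classify a scope string as 'subscription', 'resource group' or 'resource'."""
    parts = scope.strip("/").split("/")
    low = [p.lower() for p in parts]
    if low[0] != "subscriptions" or len(parts) < 2:
        return "other"  # anything that does not sit under a subscription
    if len(parts) == 2:
        return "subscription"
    if low[2] == "resourcegroups" and len(parts) == 4:
        return "resource group"
    return "resource"

def review(assignments):
    """Return (principal, role, level, reason) tuples for assignments to re-check."""
    findings = []
    for a in assignments:
        who, kind = a["principalName"], a["principalType"]
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        if role == "Owner" and level == "subscription":
            # Owner can delegate access, so the widest scope gets reviewed first.
            findings.append((who, role, level, "can delegate access subscription-wide"))
        elif role in ("Owner", "Contributor") and kind == "User":
            # Review rule assumed for this example: prefer groups for write access.
            findings.append((who, role, level, "write role assigned directly to a user"))
    return findings

if __name__ == "__main__":
    for who, role, level, reason in review(json.loads(SAMPLE)):
        print(f"{who:22} {role:12} {level:15} {reason}")
```

The Reader assignment on the single storage account and the service principal's resource-group Contributor assignment pass both rules, which matches the narrow-scope, least-permission pattern described in the steps above.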
In summary, adeptly identifying and assigning built-in Azure roles is integral to controlling access permissions for Azure resources. By recognizing predefined roles and understanding their specific permissions, organizations can enforce robust security measures and governance in Azure configurations.