cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Permissions

Gerry Ford
Copper Contributor

‎Aug 13 2021 12:46 PM

‎Aug 13 2021 12:46 PM

Azure Permissions

We would like to give 5-8 people in our envirionment full access to Azure, but we don't want to give them Global Admin rights, as we don't want them to have access to M365. What is the easiest way to accomplish this? We're not looking forward to assigning each person 25-30 roles. 

 

Thank You,

Gerry. 

Labels:
1,157 Views
0 Likes
2 Replies
Reply
2 Replies
Luke Murray

‎Aug 15 2021 01:37 PM

‎Aug 15 2021 01:37 PM

Re: Azure Permissions

Create a Custom Role, assign the role to a Group, add the users into that Group.

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://luke.geek.nz/azure/create-custom-roles-for-microsoft-azure/
0 Likes
Reply
David Pazdera

‎Aug 16 2021 07:17 AM - edited ‎Aug 16 2021 07:19 AM

‎Aug 16 2021 07:17 AM - edited ‎Aug 16 2021 07:19 AM

Re: Azure Permissions

In addition to what Luke wrote, you can use built-in roles like Owner and assign it on a certain scope (single Resource Group, single subscription, several subscriptions grouped under a Management Group). Please note that Global Admin is Azure AD role (not something you are using in Azure RBAC). There is no need to assign your users (devs and similar) any Azure AD privileged role.

 

Microsoft recommends following the "least privilege access" principle (or even just-in-time access using Privileged Identity Management), so defining the "blast radius" (what part of your Azure environment that group of people will have access to and what level) is a good approach.

0 Likes
Reply