Easily manage access to Azure AD resources
Distribute identity management tasks with Azure Active Directory (Azure AD) roles.
What are roles in Azure AD?
Role-based access control allows organizations to grant admins granular permissions in one of three role categories: Azure AD-specific roles, service-specific roles, and cross-service roles.
Azure AD roles are not only a means to manage permissions to identity resources, but also a foundation to control privileged access to many Microsoft security and productivity services. Common Azure AD admin roles manage permissions for users, groups, and apps. Other service roles manage permissions to Exchange, Intune, SharePoint, Microsoft Teams, and security tools like Microsoft Cloud App Security and the Microsoft Security Center.
Roles in Azure AD
Manage access to Azure AD resources with Azure AD role-based access controls. Choose from a set of built-in roles or customize roles to support your business needs.
Understanding Azure AD role-based access control
Azure AD supports two types of identity service role definitions: built-in roles and custom roles. Built-in roles include a fixed set of permissions. Custom roles include permissions you can select and personalize.
Roles and permissions
Grant users limited privileges to perform identity tasks such as adding and changing users, assigning admin roles, managing user licenses, and managing domain names.
Custom roles
Learn how to create a custom role in Azure AD to suit your organizational needs and assign the role at the directory level or an app-specific level.