Easily manage access to Azure AD resources
Distribute identity management tasks with Azure Active Directory (Azure AD) roles.
Azure AD is now part of Microsoft Entra
Step into tomorrow with Microsoft Entra, the new family of multicloud identity and access products to help you secure access for a connected world.
What are roles in Azure AD?
Role-based access control allows organizations to grant admins granular permissions in one of three role categories: Azure AD-specific roles, service-specific roles, and cross-service roles.
Roles in Azure AD
Manage access to Azure AD resources with Azure AD role-based access controls. Choose from a set of built-in roles or customize roles to support your business needs.
Understanding Azure AD role-based access control
Azure AD supports two types of identity service role definitions: built-in and custom roles. Built-in roles include a fixed set of permissions. Custom roles include permissions you can select and personalize.
Roles and permissions
Grant users limited privileges to perform identity tasks such as adding and changing users, assigning admin roles, managing user licenses, and managing domain names.
Custom roles
Learn how to create a custom role in Azure AD to suit your organizational needs and assign the role at the directory level or an app-specific level.
Additional Azure AD role resources
Concepts
Discover roles in Azure AD and how to use them to delegate permissions.
How-to guides
See step-by-step guides on how to create a custom role in Azure AD.
Tutorials
Learn how to assign and remove user role assignments in Azure AD.
Follow Microsoft