Roles

Azure Roles != Entra ID Roles

Entra ID != Azure

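  • Entra ID roles = roles over the directory. Entra ID is just a directory of all the objects (users, app registrations/service principals, VMs, etc.), and it is what Teams, Office 365, Intune/MEM, etc. rely on.

  • Azure roles = a separate role system for Azure resources (compute, storage, networking, etc.). It is separate because not all Microsoft cloud customers use "Azure".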

RBAC (Azure Role)

| Built-in role | Description | ID |
| --- | --- | --- |
| Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | b24988ac-6180-42a0-ab88-20f7382dd24c |
| Owner | Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
| Reservations Administrator | Lets one read and manage all the reservations in a tenant | a8889054-8d42-49c9-bc1c-52486c10e7cd |
| Role Based Access Control Administrator | Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy. | f58310d9-a9f6-439a-9e8d-f62e7b41a168 |
| User Access Administrator | Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |

General

| Built-in role | Description | ID |
| --- | --- | --- |
| Reader | View all resources, but does not allow you to make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7 |
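The role IDs above are what a role assignment actually references, so an access review can match on the ID instead of the display name. The following is an added example, not part of the original page: it flags assignments of the roles whose descriptions allow assigning roles, weighted by how broad the scope is. The record field names assume the JSON shape of `az role assignment list` output, the severity labels are this example's own, and the sample records are constructed.

```python
import re

# Role definition GUIDs copied from the tables above, grouped by their descriptions.
CAN_ASSIGN_ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",  # full access, including assigning roles
    "f58310d9-a9f6-439a-9e8d-f62e7b41a168",  # manage access by assigning roles
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",  # manage user access to resources
}
MANAGE_ALL_NO_ASSIGN = {"b24988ac-6180-42a0-ab88-20f7382dd24c"}
BROAD = {"root", "management-group", "subscription"}
ROLE_GUID = re.compile(r"/roleDefinitions/([0-9a-fA-F-]{36})$")

def scope_level(scope):
    """Classify a scope string; anything narrower than a resource group is 'resource'."""
    parts = [p for p in scope.lower().split("/") if p]
    if not parts:
        return "root"
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management-group"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if parts[0] == "subscriptions" and len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    return "resource"

def audit(assignments):
    """Return sorted (severity, principal, role GUID, scope level) findings."""
    findings = []
    for a in assignments:
        m = ROLE_GUID.search(a.get("roleDefinitionId", ""))
        if not m:
            continue
        role, level = m.group(1).lower(), scope_level(a.get("scope", ""))
        who = a.get("principalName", "")
        if role in CAN_ASSIGN_ROLES:
            # Roles that can grant access are always reported; broad scope raises severity.
            findings.append(("high" if level in BROAD else "medium", who, role, level))
        elif role in MANAGE_ALL_NO_ASSIGN and level in BROAD:
            findings.append(("medium", who, role, level))
    return sorted(findings)

# Constructed sample records (placeholder subscription ID and principal names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RD = SUB + "/providers/Microsoft.Authorization/roleDefinitions/"
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionId": RD + "8e3af657-a8ff-443c-a75c-2fe8c4bcb635", "scope": SUB},
    {"principalName": "ci-deployer", "roleDefinitionId": RD + "b24988ac-6180-42a0-ab88-20f7382dd24c", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "helpdesk", "roleDefinitionId": RD + "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "auditor", "roleDefinitionId": RD + "acdd72a7-3385-48ef-bd42-f606fba81ae7", "scope": SUB},
]
```

`audit(SAMPLE)` reports the subscription-wide assignment of the role-assigning role as high and the resource-group-scoped one as medium; the other two records are not reported.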
