Scenario 1:
- Create an RBAC role that gives the developers group Reader access on Azure and Contributor access for virtual machines
- Solution: Refer Here
- Create a custom role
- Ensure the developer has no role assignments, and then add a role assignment to the developers group
- After the role assignment succeeds, log in as a developer and check the access
Scenario 2:
- Create a role for QA engineers that gives them Reader access on Azure and Storage Account Contributor access at the subscription level.
- Refer Here for the solution
Scenario 3:
- Create a role for developers (delete all existing role assignments first). Ensure the developers group has Contributor access on everything and no access to virtual machines
- Refer Here for the solution
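
Added example (not part of the original notes): a small Python model of how the Actions and NotActions of custom roles like those in Scenarios 1 and 3 combine, and why Scenario 3 deletes existing role assignments first. The role names and definitions are constructed for illustration; NotActions only subtracts from the same role's Actions and is not a deny rule.

```python
from fnmatch import fnmatchcase

# Constructed custom role definitions (hypothetical names), using the
# Actions/NotActions fields of an Azure role definition.
SCENARIO_1 = {
    "Name": "Dev Reader Plus VM Contributor (example)",
    "Actions": ["*/read", "Microsoft.Compute/virtualMachines/*"],
    "NotActions": [],
}
SCENARIO_3 = {
    "Name": "Dev Contributor Without VMs (example)",
    "Actions": ["*"],
    "NotActions": ["Microsoft.Compute/virtualMachines/*"],
}

VM_START = "Microsoft.Compute/virtualMachines/start/action"
VM_READ = "Microsoft.Compute/virtualMachines/read"
STORAGE_READ = "Microsoft.Storage/storageAccounts/read"
STORAGE_WRITE = "Microsoft.Storage/storageAccounts/write"


def _matches(patterns, action):
    # Action strings are compared case-insensitively; '*' is a wildcard.
    a = action.lower()
    return any(fnmatchcase(a, p.lower()) for p in patterns)


def role_allows(role, action):
    """One role grants an action if Actions match and NotActions do not."""
    return _matches(role["Actions"], action) and not _matches(role["NotActions"], action)


def effective_allows(assigned_roles, action):
    """Role assignments are additive: any one granting role is enough."""
    return any(role_allows(r, action) for r in assigned_roles)


def audit(assigned_roles, actions):
    """Map each action to True/False for a set of assigned roles."""
    return {a: effective_allows(assigned_roles, a) for a in actions}


if __name__ == "__main__":
    checks = [VM_START, VM_READ, STORAGE_READ, STORAGE_WRITE]
    print("Scenario 1 only:", audit([SCENARIO_1], checks))
    print("Scenario 3 only:", audit([SCENARIO_3], checks))
    # A leftover Scenario 1 assignment re-grants VM access despite NotActions.
    print("Scenario 3 + leftover:", audit([SCENARIO_3, SCENARIO_1], checks))
```
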
Security Defaults
- Security defaults are a set of built-in policies that protect your organization from common threats
- It requires all users to register for MFA
- It requires users to use MFA when necessary
- It requires administrators to perform MFA
- It protects privileged activities such as accessing the Azure portal