Azure AD (Microsoft Entra ID) and RBAC

• Lets create a user hulk in Azure AD (Entra ID) (watch classroom recording for screen shots) and login in portal to set up Microsoft Authenticator and phone number
• As we have setup only authentication not authorization, the user hulk will not have access to any of the resources

Activity1: Create a resource group

• From your root account create a resource group and navigate to IAM
  
• Azure builtin roles Refer Here
• Lets give a reader permission to the user hulk at subscription level
  
• Now lets check the permission assigned to hulk with in hulks portal
• At subscription level
  
  
• At resource group level
  
• At resource level
  
• Lets give different permissions at resource group level i.e. contributor at resource group level
  
• Try creating any resource in the resource group as hulk
  
• If you try creating anything in anyother resource group we land up in errors
  

Compare IAM Policy JSON and Azure Role Json and find similarities.

• To be discussed in next session