====== Identity & Access Management ======

  * [[azure:az-500:az-500_certification|AZ-500 Certification]]

> Identity management is the new control plane.
> Identity is the new perimeter.

===== Topics =====

  * Azure AD
  * Role Based Access Controls (RBAC)

====== § ======

  * [[azure:az-500:manage_azure_active_directory_azure_ad_identities|Manage Azure Active Directory (Azure AD) identities]]
  * [[azure:az-500:manage_secure_access_by_using_azure_ad|Manage secure access by using Azure AD]]
  * [[azure:az-500:Manage application access]]
  * [[azure:az-500:Manage access control]]
  * [[azure:az-500:Hybrid Identity]]
  * [[azure:az-500:Enterprise Governance]]

====== Role Based Access Control (RBAC)/Roles ======

===== Azure AD roles vs. Azure Resource Manager (ARM) roles =====

  * AAD Roles vs. ARM/Azure Roles
  * [[https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-roles-and-azure-ad-roles/ba-p/2363647]]

> Azure AD and Azure resources are secured independently from one another. That is, Azure AD role assignments do not grant access to Azure resources, and Azure role assignments do not grant access to Azure AD. However, if you are a Global Administrator in Azure AD, you can assign yourself access to all Azure subscriptions and management groups in your directory.

  * [[https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin]]
  * The "assign yourself access" path above is the //Access management for Azure resources// toggle in the Azure AD properties. Flipping it is a control-plane operation (Microsoft.Authorization/elevateAccess/action) whose only effect is one Azure role assignment: User Access Administrator at the root scope (/). From there the Global Administrator can grant themselves Owner on any subscription or management group. It is the path an attacker holding Global Administrator takes to reach resources, so the toggle should be reviewed in the activity log and switched off again once the break-glass task is done.
  * Azure RBAC is generally thought of as control-plane authorization (operations that go through Azure Resource Manager, listed under a role definition's Actions), but role definitions also carry DataActions, which authorize data-plane operations such as reading blob contents in a storage account (for example, Storage Blob Data Reader). A control-plane Owner or Contributor does not automatically get data-plane rights: the two permission lists are evaluated separately.

==== Azure AD Roles ====

  * [[https://docs.microsoft.com/en-us/azure/active-directory/roles/]]

The following are the four fundamental Azure AD administrator roles. They apply to the directory (the tenant) itself: users, groups, applications and tenant settings.

  * Global Administrator (full control over every Azure AD feature)
  * User Administrator (creates and manages users and groups, resets passwords for non-administrators and limited admins)
  * Helpdesk Administrator (resets passwords and invalidates refresh tokens for non-administrators)
  * Billing Administrator (purchases, subscriptions and support tickets)

==== Azure Resource Manager (ARM) Roles ====

//As the name suggests, Azure Resource Manager roles (Azure roles) apply to the resources within an Azure tenant. They are assigned at a scope (management group, subscription, resource group or individual resource) and are inherited by every child scope. Azure AD roles, by contrast, apply to the tenant directory itself.//

The following are the four fundamental built-in //ARM// roles.

  * Owner (full access to all resources, including the right to assign roles)
  * Contributor (full access to all resources, but cannot assign roles or change authorization settings)
  * Reader (view resources only)
  * User Access Administrator (manages user access to resources, but cannot manage the resources themselves)

{{:azure:az-500:roles.png|}}
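To make the separation between Azure AD roles and Azure roles concrete, and to show how the control-plane Actions and data-plane DataActions of a role definition are evaluated over an inherited scope chain, here is an added example written for these notes. It is not code from the original page or from Microsoft: it is a small offline model whose role contents are abbreviated from the public built-in definitions (Owner, Contributor, Reader, User Access Administrator, Storage Blob Data Reader) and whose principals (alice, bob), subscription ID and resource names are constructed. The elevate-access step is modelled as exactly what the docs describe: a Global Administrator check followed by a User Access Administrator assignment at the root scope.

```python
"""Added example (not part of the original AZ-500 notes): an offline model of Azure
authorization that keeps Azure AD (directory) roles and Azure RBAC (resource) roles
separate and evaluates control-plane Actions against data-plane DataActions over an
inherited scope chain.  Role contents are abbreviated from the public built-in
definitions; principals, subscription IDs and resource names are constructed."""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple = ()           # control plane (Azure Resource Manager operations)
    not_actions: tuple = ()       # subtracted from actions within this role only
    data_actions: tuple = ()      # data plane (e.g. reading blob contents)
    not_data_actions: tuple = ()


ROLES = {
    "Owner": RoleDefinition("Owner", actions=("*",)),
    "Contributor": RoleDefinition("Contributor", actions=("*",), not_actions=(
        "Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/elevateAccess/Action")),
    "Reader": RoleDefinition("Reader", actions=("*/read",)),
    "User Access Administrator": RoleDefinition(
        "User Access Administrator", actions=("*/read", "Microsoft.Authorization/*")),
    "Storage Blob Data Reader": RoleDefinition(
        "Storage Blob Data Reader",
        actions=("Microsoft.Storage/storageAccounts/blobServices/containers/read",),
        data_actions=("Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",)),
}


@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: str
    scope: str


def matches_permission(operation: str, pattern: str) -> bool:
    # Permission strings are case-insensitive; '*' matches any run of characters, '/' included.
    return fnmatchcase(operation.lower(), pattern.lower())


def scope_covers(assigned: str, target: str) -> bool:
    # Assignments are inherited by every child scope; the root "/" covers all of them.
    # (Management-group inheritance is omitted: resource IDs do not encode the MG.)
    a, t = assigned.lower().rstrip("/"), target.lower().rstrip("/")
    return a == "" or t == a or t.startswith(a + "/")


class Tenant:
    def __init__(self) -> None:
        self.directory_roles: dict = {}   # Azure AD roles: the directory only
        self.assignments: list = []       # Azure RBAC assignments: resources only

    def add_directory_role(self, principal: str, role: str) -> None:
        self.directory_roles.setdefault(principal, set()).add(role)

    def elevate_access(self, principal: str) -> None:
        # The "Access management for Azure resources" toggle: only a Global Administrator may
        # flip it, and its whole effect is one Azure role assignment, User Access
        # Administrator at the root scope "/".
        if "Global Administrator" not in self.directory_roles.get(principal, set()):
            raise PermissionError(f"{principal} is not a Global Administrator")
        self.assignments.append(RoleAssignment(principal, "User Access Administrator", "/"))

    def is_authorized(self, principal: str, operation: str, scope: str,
                      data_plane: bool = False) -> bool:
        # Effective permission is the union, over every assignment covering the scope, of
        # (Actions minus NotActions) or, for the data plane, (DataActions minus NotDataActions).
        # Directory roles are never consulted: Azure AD and Azure RBAC are independent.
        for ra in self.assignments:
            if ra.principal != principal or not scope_covers(ra.scope, scope):
                continue
            role = ROLES[ra.role]
            allow, deny = ((role.data_actions, role.not_data_actions) if data_plane
                           else (role.actions, role.not_actions))
            if (any(matches_permission(operation, p) for p in allow)
                    and not any(matches_permission(operation, p) for p in deny)):
                return True
        return False

    def assign_role(self, actor: str, principal: str, role: str, scope: str) -> None:
        # Creating an assignment is itself a control-plane write at that scope.
        if not self.is_authorized(actor, "Microsoft.Authorization/roleAssignments/write", scope):
            raise PermissionError(f"{actor} cannot assign roles at {scope}")
        self.assignments.append(RoleAssignment(principal, role, scope))


def demo() -> dict:
    """Walks the scenarios from the notes; every ID and name below is constructed."""
    sub = "/subscriptions/11111111-1111-1111-1111-111111111111"
    rg = sub + "/resourceGroups/rg-prod"
    sa1 = rg + "/providers/Microsoft.Storage/storageAccounts/stprodlogs"
    sa2 = rg + "/providers/Microsoft.Storage/storageAccounts/stprodbackups"
    blob_read = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
    vm_start = "Microsoft.Compute/virtualMachines/start/action"
    ra_write = "Microsoft.Authorization/roleAssignments/write"

    t = Tenant()
    t.add_directory_role("alice", "Global Administrator")
    t.assignments.append(RoleAssignment("bob", "Contributor", sub))  # seeded by a bootstrap Owner
    r = {}
    # A directory role alone grants nothing on Azure resources.
    r["ga_reads_sub_before_elevate"] = t.is_authorized("alice", "Microsoft.Resources/subscriptions/read", sub)
    # Elevate: UAA at "/" can write role assignments anywhere, but still cannot start a VM...
    t.elevate_access("alice")
    r["ga_assigns_after_elevate"] = t.is_authorized("alice", ra_write, sub)
    r["ga_starts_vm_after_elevate"] = t.is_authorized("alice", vm_start, sub)
    # ...until she uses that right to make herself Owner of the subscription.
    t.assign_role("alice", "alice", "Owner", sub)
    r["ga_starts_vm_as_owner"] = t.is_authorized("alice", vm_start, sub)
    # Contributor: '*' on the control plane minus authorization writes, and no data plane at all.
    r["contributor_starts_vm"] = t.is_authorized("bob", vm_start, rg)
    r["contributor_writes_assignment"] = t.is_authorized("bob", ra_write, sub)
    r["contributor_reads_blob"] = t.is_authorized("bob", blob_read, sa1, data_plane=True)
    # A data-plane role scoped to one storage account does not reach its sibling.
    t.assign_role("alice", "bob", "Storage Blob Data Reader", sa1)
    r["blob_reader_reads_sa1"] = t.is_authorized("bob", blob_read, sa1, data_plane=True)
    r["blob_reader_reads_sa2"] = t.is_authorized("bob", blob_read, sa2, data_plane=True)
    return r


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:32} {allowed}")
```

Running the file prints each scenario with its outcome. The two results worth dwelling on for the exam and for real tenants are ''ga_reads_sub_before_elevate'' (a Global Administrator sees nothing in a subscription until elevate access is used) and ''contributor_reads_blob'' (a Contributor, despite a control-plane ''*'', reads no blob data until a data-plane role is assigned, and that role stops at the scope it was granted on).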