AZ-900: Where Should a Business Configure Permissions for Role-Based Access Control (RBAC) to Enforce Least Privilege Access?

Where should organizations configure permissions to implement Azure role-based access control (RBAC) and enforce least privilege access? Learn how Azure Active Directory and the Azure portal enable granular, policy-driven access management.

Question

A business is implementing role-based access control (RBAC) to enforce least privilege access. Where should they configure permissions?

A. Azure Key Vault
B. Azure Firewall
C. Azure DevOps
D. Azure Kubernetes Service
E. Azure Active Directory

Answer

E. Azure Active Directory

Explanation

Azure Active Directory (Azure AD) enables role-based access control (RBAC) to restrict user access based on roles and responsibilities.

The correct place to configure permissions for role-based access control (RBAC) in Azure is through Azure Active Directory (Azure AD) and the Azure portal’s Access control (IAM) features.

  • Azure RBAC Overview: Azure RBAC is the authorization system used to manage access to Azure resources. It allows organizations to assign roles to users, groups, service principals, or managed identities, defining what actions they can perform and at what scope (subscription, resource group, or individual resource).
  • Configuration Location: Permissions are configured in the Azure portal by navigating to the relevant scope—such as a management group, subscription, resource group, or specific resource—and using the Access control (IAM) blade to assign roles. This is tightly integrated with Azure Active Directory, which manages the identities (users, groups, etc.) that receive these permissions.
  • Role Assignments: Each role assignment consists of a security principal (user, group, or application), a role definition (set of permissions), and a scope (where the permissions apply). Assignments can be made at different hierarchical levels, allowing for granular enforcement of least privilege access.
  • Principle of Least Privilege: By assigning only the necessary roles at the appropriate scope, organizations ensure users have the minimum permissions required for their responsibilities, reducing security risks.
  • Auditing and Management: The Azure portal provides tools for reviewing, auditing, and updating role assignments to maintain compliance and operational efficiency.

Azure Active Directory, in conjunction with the Access control (IAM) features in the Azure portal, is where organizations configure RBAC permissions. This approach provides centralized, granular, and policy-driven access management to enforce least privilege across all Azure resources.
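The following added example (not part of the original page) shows how scope inheritance and a least-privilege review work on role assignments shaped like the JSON that `az role assignment list --all` returns. The subscription ID, principal names, resource names and the choice of which roles count as privileged are constructed assumptions for illustration.

```python
# Built-in roles treated as privileged here (an assumption for this review).
PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}
BROAD = {"root", "management_group", "subscription"}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # constructed ID
STORAGE = SUB + "/resourceGroups/rg-web/providers/Microsoft.Storage/storageAccounts/stweb01"

# Constructed sample: each item is principal + role definition + scope.
SAMPLE = [
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "app-deployers", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-web"},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "ci-pipeline", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Storage Blob Data Reader", "scope": STORAGE},
]

def _segments(scope):
    # Azure resource IDs are case-insensitive, so compare lowercased segments.
    return [s.lower() for s in scope.split("/") if s]

def scope_level(scope):
    """Classify a scope string by its level in the Azure hierarchy."""
    seg = _segments(scope)
    if not seg:
        return "root"
    if seg[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management_group"
    if seg[0] != "subscriptions":
        return "unknown"
    if len(seg) == 2:
        return "subscription"
    if len(seg) == 4 and seg[2] == "resourcegroups":
        return "resource_group"
    return "resource"

def applies_to(assignment_scope, resource_id):
    """True if the scope is the resource itself or one of its parents.
    Management-group inheritance needs the group-to-subscription mapping,
    which is not encoded in resource IDs and is not handled here."""
    a, r = _segments(assignment_scope), _segments(resource_id)
    return r[:len(a)] == a

def effective_principals(resource_id, assignments):
    """Principals whose assignments reach the resource, directly or inherited."""
    return sorted(x["principalName"] for x in assignments
                  if applies_to(x["scope"], resource_id))

def broad_privileged(assignments):
    """Privileged roles granted at subscription scope or above."""
    return [(x["principalName"], x["roleDefinitionName"], scope_level(x["scope"]))
            for x in assignments
            if x["roleDefinitionName"] in PRIVILEGED
            and scope_level(x["scope"]) in BROAD]
```

Comparing whole path segments rather than string prefixes keeps an assignment on `rg-web` from being read as applying to a differently named group such as `rg-web2`.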
