What are Azure AD Roles?

Azure AD roles are a set of permissions that control access to resources and actions in an Azure AD tenant. These roles can be assigned to users, groups, or applications to grant them specific permissions to perform tasks within the tenant.

There are three types of Azure AD roles:

  1. Azure AD built-in roles: These roles are pre-defined by Azure and are intended to provide specific sets of permissions to perform various tasks in the tenant. Examples of built-in roles include Global Administrator, Password Administrator, and User Administrator.
  2. Azure AD custom roles: These roles can be created by Azure AD administrators and can be tailored to fit the specific needs of their organization. Custom roles can include a combination of built-in permissions and custom permissions.
  3. Azure AD directory roles: These roles are specific to managing Azure AD and include roles like Directory Readers, Directory Writers, and Directory Administrators.

Examples of permissions that can be assigned to Azure AD roles include creating and managing users, groups, and applications; managing Azure AD resources and configuration settings; and configuring security and access policies for applications and users.
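An added example (not from the original page): a short Python access review that joins each role assignment to its role definition, showing which users, groups and applications end up with which permissions and whether each role is built-in or custom. The records are constructed and modelled on the Microsoft Graph role definition and role assignment shapes; the `principalType` field, the custom role name and all ids are assumptions for illustration.

```python
# Constructed sample data (not real tenant output). "principalType" is an
# assumption: in practice the principal is resolved separately.
ROLE_DEFINITIONS = [
    {"id": "def-1", "displayName": "Password Administrator", "isBuiltIn": True,
     "rolePermissions": [{"allowedResourceActions": [
         "microsoft.directory/users/password/update"]}]},
    {"id": "def-2", "displayName": "User Administrator", "isBuiltIn": True,
     "rolePermissions": [{"allowedResourceActions": [
         "microsoft.directory/users/create",
         "microsoft.directory/users/password/update",
         "microsoft.directory/groups/create"]}]},
    {"id": "def-3", "displayName": "App Registration Operator", "isBuiltIn": False,
     "rolePermissions": [{"allowedResourceActions": [
         "microsoft.directory/applications/create"]}]},
]
ASSIGNMENTS = [
    {"principalId": "alice", "principalType": "user", "roleDefinitionId": "def-1"},
    {"principalId": "helpdesk-group", "principalType": "group", "roleDefinitionId": "def-2"},
    {"principalId": "ci-pipeline", "principalType": "application", "roleDefinitionId": "def-3"},
    {"principalId": "ci-pipeline", "principalType": "application", "roleDefinitionId": "def-2"},
    {"principalId": "bob", "principalType": "user", "roleDefinitionId": "def-9"},  # no such role
]

def effective_access(definitions, assignments):
    """Return ({principalId: {type, roles, actions}}, [assignments with no definition])."""
    by_id = {d["id"]: d for d in definitions}
    access, orphaned = {}, []
    for a in assignments:
        d = by_id.get(a["roleDefinitionId"])
        if d is None:  # assignment points at a deleted or unknown role
            orphaned.append(a)
            continue
        entry = access.setdefault(
            a["principalId"], {"type": a["principalType"], "roles": [], "actions": set()})
        entry["roles"].append((d["displayName"], "built-in" if d["isBuiltIn"] else "custom"))
        for perm in d["rolePermissions"]:
            entry["actions"].update(perm["allowedResourceActions"])
    return access, orphaned

def flag_indirect_holders(access, watched_actions, principal_types=("group", "application")):
    """List non-user principals whose combined roles grant any watched action."""
    findings = []
    for pid, entry in sorted(access.items()):
        hits = entry["actions"] & set(watched_actions)
        if entry["type"] in principal_types and hits:
            findings.append((pid, entry["type"], sorted(hits)))
    return findings
```
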

Author: tonyhughes