Azure Active Directory Gets New Custom Roles Capability
Microsoft has added the ability to create and assign custom roles as part of its Azure Active Directory Service.
This new capability gives IT departments greater control over who can access, change or view Azure services within an organization. The custom roles capability today reached the "general availability" milestone, meaning that it's commercially released by Microsoft and is considered ready for use.
Microsoft has had a Role Based Access Control capability that has been in place for its Azure AD service since October. It comes with predefined role templates. IT pros can use the Role Based Access Control feature to assign permissions such as "owner," "contributor" or "reader" for those templated roles. What was lacking back then was the ability for organizations to customize those role templates or create new ones. Now that's possible, using the Azure command line interface tool, as well as PowerShell.
The approach for modifying an existing template to create a new custom role is described in Microsoft's announcement. It's somewhat straightforward. However, the user has to understand what the Azure AD actions entail. To figure that out, the Get-AzureRmProviderOperation PowerShell commandlet can be used. It will list the operations associated with a particular Azure resource. IT pros can then select what they want and add those privileges into the JSON file to customize the role template.
After the JSON file is created or modified, it becomes available as custom role. It will appear as an icon, showing up in the Users blade of the Azure Portal. IT pros can then assign a user or a group to that custom role.
Microsoft also added a new capability to the Azure Portal. It now permits IT pros to view the resources available per role, according to the company's announcement.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.