@Manu Sharma
Thank you for your post and I apologize for the delayed response!
Adding onto the Identity and access management operations reference guide shared by @Dillon Silzer, you can also refer to our best practices documentation for Identity and Access Management (IAM) / role-based access control (RBAC) articles for more info.
Best practices for Azure AD roles:
This article describes some of the best practices for using Azure Active Directory role-based access control (Azure AD RBAC). These best practices are derived from our experience with Azure AD RBAC and the experiences of customers.
- Manage to least privilege
- Use Privileged Identity Management to grant just-in-time access
- Turn on multi-factor authentication for all your administrator accounts
- Limit the number of Global Administrators to less than 5
- Use groups for Azure AD role assignments and delegate the role assignment
- Activate multiple roles at once using privileged access groups
- Use cloud native accounts for Azure AD roles
Additional Links:
How Azure AD roles are different from other Microsoft 365 roles
Securing privileged access for hybrid and cloud deployments in Azure AD
Understand roles in Azure Active Directory
Azure AD built-in roles
Create and assign a custom role in Azure Active Directory
---------------------
Best practices for Azure RBAC
This article describes some best practices for using Azure role-based access control (Azure RBAC).
- Only grant the access users need
- Limit the number of subscription owners
- Use Azure AD Privileged Identity Management
- Assign roles to groups, not users
- Assign roles using the unique role ID instead of the role name
- Avoid using a wildcard when creating custom roles
Additional Links:
Security recommendations - a reference guide
What is Azure AD Privileged Identity Management?
Azure RBAC limits
Wildcard permissions
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
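
Added example, not part of the answer above or of Microsoft's documentation: a small Python audit that checks three of the Azure RBAC items listed (assign roles to groups, limit subscription owners, avoid wildcards in custom roles) against exported role data. The sample records are constructed, the field names are assumed to follow the JSON shape of `az role assignment list` and `az role definition list`, and `max_owners` is a hypothetical threshold to set to your own policy.

```python
# Constructed sample data; field names assumed to match Azure CLI JSON output.
OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"  # built-in Owner role GUID
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription

def _assign(ptype, name, role_guid, scope=SUB):
    rid = f"{SUB}/providers/Microsoft.Authorization/roleDefinitions/{role_guid}"
    return {"principalType": ptype, "principalName": name,
            "roleDefinitionId": rid, "scope": scope}

ASSIGNMENTS = [
    _assign("User", "alice@contoso.example", OWNER_ROLE_ID),
    _assign("User", "bob@contoso.example", OWNER_ROLE_ID),
    _assign("Group", "sub-owners", OWNER_ROLE_ID),
    _assign("Group", "app-team", "11111111-1111-1111-1111-111111111111",
            scope=SUB + "/resourceGroups/rg-app"),
]
CUSTOM_ROLES = [
    {"roleName": "VM Operator (constructed)", "permissions": [
        {"actions": ["Microsoft.Compute/virtualMachines/start/action",
                     "Microsoft.Compute/virtualMachines/restart/action"],
         "dataActions": []}]},
    {"roleName": "Storage Helper (constructed)", "permissions": [
        {"actions": ["Microsoft.Storage/*"], "dataActions": []}]},
]

def audit(assignments, custom_roles, max_owners=2):
    """Return (check, detail) findings; max_owners is a hypothetical threshold."""
    findings = []
    # Roles assigned directly to users rather than to groups.
    for a in assignments:
        if a["principalType"] == "User":
            findings.append(("direct-user-assignment", a["principalName"]))
    # Owner is matched by role GUID, not display name, at subscription scope only.
    owners = [a for a in assignments
              if a["roleDefinitionId"].lower().endswith(OWNER_ROLE_ID)
              and a["scope"].lower().startswith("/subscriptions/")
              and a["scope"].count("/") == 2]
    if len(owners) > max_owners:
        findings.append(("too-many-subscription-owners", str(len(owners))))
    # Wildcards in a custom role's actions or dataActions.
    for role in custom_roles:
        for perm in role["permissions"]:
            for op in perm.get("actions", []) + perm.get("dataActions", []):
                if "*" in op:
                    findings.append(("wildcard-permission", f'{role["roleName"]}: {op}'))
    return findings

if __name__ == "__main__":
    for check, detail in audit(ASSIGNMENTS, CUSTOM_ROLES):
        print(f"{check}: {detail}")
```

A group assignment counts as one owner here, so group membership still needs its own review.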