Manage and right-size RBAC role assignments for least privilege
Intermediate
Advanced
Security Engineer
Microsoft Entra ID
Microsoft Defender for Cloud
Azure
Implement least-privilege access governance across Azure and Microsoft Entra ID. Assign built-in roles at the appropriate scope, and create custom roles for Azure resources and Microsoft Entra directory operations. Then identify and remediate overprivileged access using Microsoft Entra access reviews and Defender for Cloud Security Posture Management (CSPM) identity insights.
Learning objectives
After completing this module, you can:
- Assign built-in Azure roles at the appropriate scope using least-privilege principles
- Create custom Azure roles and Microsoft Entra roles for operations that built-in roles don't cover at the right permission level
- Identify overprivileged role assignments and remediate them using Defender for Cloud CSPM, Cloud Infrastructure Entitlement Management (CIEM), and Microsoft Entra access reviews
Prerequisites
- Familiarity with Microsoft Entra ID concepts including users, groups, and directory roles
- Understanding of Azure role-based access control (RBAC), including role assignments and the Azure scope hierarchy
- Basic experience navigating the Azure portal and Microsoft Entra admin center
- Familiarity with Zero Trust security principles including least privilege