Microsoft Azure AD Roles and Azure Roles Explained with Examples

Azure AD roles are used to manage access to Azure AD resources, whereas Azure roles are used to manage access to Azure resources. The scope of Azure AD roles is at the tenant level, whereas the scope of Azure roles can be specified at multiple levels, including management group, subscription, resource group, and resource. Azure AD roles and application roles are not linked together. Azure AD roles are more for controlling access to Azure resources and don’t really apply to application-specific roles.

Azure Roles

Azure roles control access to Azure resources and services. Each role is defined by a collection of permissions for actions that can be performed, such as read, write, and delete. Azure has several built-in roles, or you can create your own custom roles. Some examples of Azure roles are Azure Administrator, Azure Developer, Azure Solutions Architect, Azure DevOps Engineer, and Azure Data Engineer.
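The scope levels listed in the introduction (management group, subscription, resource group, resource) appear as path-like scope strings on every Azure role assignment. As an added example, not part of the original article, this Python script classifies the scopes in constructed data shaped like `az role assignment list --all` output and marks privileged built-in roles granted at subscription level or above; the sample principals, IDs, and the `PRIVILEGED` and `BROAD` sets are assumptions.

```python
import json

# Constructed sample in the shape of `az role assignment list --all` output
# (principal names, subscription ID and resource names are made up).
SAMPLE = json.loads("""[
 {"principalName": "alice@contoso.example", "roleDefinitionName": "Owner",
  "scope": "/providers/Microsoft.Management/managementGroups/mg-corp"},
 {"principalName": "bob@contoso.example", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"principalName": "carol@contoso.example", "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"},
 {"principalName": "dave@contoso.example", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/stapp01"}
]""")

# Assumption: built-in roles treated as privileged for this review.
PRIVILEGED = {"Owner", "Contributor", "User Access Administrator"}
# Assumption: levels treated as broad, since child scopes inherit assignments.
BROAD = {"root", "management group", "subscription"}

def scope_level(scope):
    """Map an Azure RBAC scope string to the level it targets."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if not parts:
        return "root"
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"] and len(parts) == 4:
        return "management group"
    if parts[0] == "subscriptions" and len(parts) >= 2:
        if len(parts) == 2:
            return "subscription"
        if parts[2] == "resourcegroups" and len(parts) == 4:
            return "resource group"
        if "providers" in parts[2:]:
            return "resource"
    return "unknown"

def audit(assignments):
    """Return (principal, role, level, flagged) for each assignment."""
    rows = []
    for a in assignments:
        level = scope_level(a["scope"])
        # Flag privileged roles whose scope covers a whole subscription or more.
        flagged = a["roleDefinitionName"] in PRIVILEGED and level in BROAD
        rows.append((a["principalName"], a["roleDefinitionName"], level, flagged))
    return rows

if __name__ == "__main__":
    for principal, role, level, flagged in audit(SAMPLE):
        print(f"{'REVIEW' if flagged else 'ok':6} {role:12} {level:16} {principal}")
```

To run it against a real tenant, replace `SAMPLE` with the parsed JSON output of `az role assignment list --all`.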

Azure AD

This is an identity store in Azure. Here we can define users, groups, applications, and service principals. These users can authenticate to Azure and access resources that are part of an Azure subscription.

We can assign Azure AD roles to a user and these permissions are normally given to manage the various aspects of Azure AD.

Create Users and a Group in Azure and Assign Users (Members) to the Group

To create a new Azure AD user, start by logging into your Azure Portal. Inside the portal, go to the Azure search bar and enter “user”.

Select the “Users” tab and click on “Create New User.”

Input the necessary user details and finalize by creating the user account.


Under Password, unselect the auto-generate password option so that you can set a password of your choice that is easy to remember. Scroll down to the bottom, leave the rest of the options as default, and click Review + Create.

Click on Create to finalize the process.

Once the user is created you will land on the below page where you can see the newly created user name, on refreshing, in the list of users.

Click on the new user to see the user details.

How To Create Azure Groups – Administrative department

From the left-hand side of the Manage pane, click on Groups or type “group” in the search bar.

Select group.

Click on New group.

Select the Group type, add a Group Name and Group Description, select Owners, and select Create to create the group.

Add members to the Azure Active Directory group

From here you can manage the group or add members.

Click on the group to see its details.

Select Members.

Click on Add members.

Check the users you want to add to the group and click on Select.

Now we can see the members of the group.

Click on a member to see its details.

Click Role assignments, on the left pane, to view the role assignments at this scope.

Click on Add assignments.

The Add role assignment page opens.

On the Role tab, select a role that you want to use.

You can search for a role by name or by description. You can also filter roles by type and category.

Click on Add to give the role to the user.

Steps to log in as the created Global Admin to the Azure Portal with the new credentials

Click on your account on the top right and select “Sign in with a different account”.

Enter the new user credentials.

Click Sign In to continue.

If prompted, update your password.

Click Sign In to continue.

Once signed in to Azure, follow the process described above to onboard users as an administrator.

Screen captures are as shown below:

We can now see the new user added by the new admin manager
