AZ-104 Certification Notes

Chapter 4.5 - Azure AD Roles

Azure AD Roles

Azure AD roles are used to manage Azure AD resources in a directory such as:

• Create or edit users
• Assign administrative roles to others
• Reset user passwords
• Manage user licenses
• Manage domains

A few important Built-In Azure AD roles you should know:

• Global Administrator
  • Full access to everything
• User Administrator
  • Full access to create and manage users
• Billing Administrator
  • Make purchases, manage subscriptions and support tickets

You can create custom roles, but you need to purchase either:

• Azure AD Premium P1
• Azure AD Premium P2

Practice Quiz

• Which built-in Azure AD role makes purchases, manages subscriptions, and support tickets?

  • Lead Administrator
  • Billing Administrator
  • User Administrator
  • Global Administrator

• What do you need to purchase for you to create custom roles?

  • Azure AD Shared or Administrator
  • Azure AD Office 365 or Premium 3
  • Azure AD Basic or Standard
  • Azure AD Premium P1 or P2

• What are Azure AD roles?

  • Azure AD roles are used to manage Azure AD resources in a directory.

• What does the User Administrator (Built-in Azure AD role) have access to?

  • Full access to create and manage users​.