Microsoft is releasing new role-based access control features in Azure Active Directory designed to enable IT to create custom roles for devices and add devices as administrative units for more fine-grained delegation of device administration.
Administrators can create custom roles using device permissions to delegate access. Admins can do this by navigating to Roles and administrators and New Custom Role, Microsoft says in a Tech Community blog.
In addition to customizing permissions in the role, admins can use administrative units to scope those permissions to a specific set of devices, according to Microsoft.
After those two steps are completed, admins can go to the Roles and administrators tab and assign the custom role they created, scoped to the administrative unit. This ensures that the permissions specified when the role was created apply only to the devices in that administrative unit, Microsoft says.
The company recommends assigning the custom role as an eligible assignment through Privileged Identity Management.
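The steps described above (custom role, administrative unit, scoped eligible assignment), as an added example that is not from Microsoft's blog or the original article. It assumes the Microsoft Graph PowerShell SDK is installed; the display names, object-ID placeholders, the 90-day duration and the three device action names are assumptions chosen for illustration.

```powershell
# Added example: requires the Microsoft.Graph PowerShell SDK and a privileged admin sign-in.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory','AdministrativeUnit.ReadWrite.All'

# Placeholders (constructed): replace with real object IDs from your tenant.
$deviceObjectIds = @('<device-object-id-1>', '<device-object-id-2>')
$delegateId      = '<principal-object-id>'

# 1. Custom role limited to a few device permissions (action names are an assumption
#    drawn from Microsoft's built-in device roles; trim to what the delegate needs).
$role = New-MgRoleManagementDirectoryRoleDefinition -BodyParameter @{
    displayName     = 'Branch Device Operator (example)'
    description     = 'Read, enable and disable devices in one administrative unit'
    isEnabled       = $true
    rolePermissions = @(@{ allowedResourceActions = @(
        'microsoft.directory/devices/standard/read',
        'microsoft.directory/devices/enable',
        'microsoft.directory/devices/disable') })
}

# 2. Administrative unit holding only the devices to be delegated.
$au = New-MgDirectoryAdministrativeUnit -DisplayName 'Branch Devices (example)'
foreach ($id in $deviceObjectIds) {
    New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/devices/$id" }
}

# 3. Eligible (not active) assignment through PIM, scoped to the administrative unit.
$scope = "/administrativeUnits/$($au.Id)"
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter @{
    action           = 'adminAssign'
    justification    = 'Delegated device administration for branch office'
    roleDefinitionId = $role.Id
    directoryScopeId = $scope
    principalId      = $delegateId
    scheduleInfo     = @{ startDateTime = (Get-Date).ToUniversalTime()
                          expiration    = @{ type = 'afterDuration'; duration = 'P90D' } }
}

# 4. Check: every eligibility for this role should carry the AU scope, never '/'.
Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "roleDefinitionId eq '$($role.Id)'" |
    Where-Object DirectoryScopeId -ne $scope |
    ForEach-Object { Write-Warning "Out-of-scope eligibility: $($_.PrincipalId) at $($_.DirectoryScopeId)" }
```

Step 4 prints nothing when all eligibilities are confined to the administrative unit; a warning showing `/` as the scope means the role was granted tenant-wide.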
The release comes shortly after the company announced in early March new custom roles for app registration and enterprise apps, the first in a series of announcements of new role-based access control (RBAC) capabilities in Azure AD designed to give admins more fine-grained authorization and simplify management.
Microsoft says centralized IT admins can manage the delegation of Azure AD roles by exercising least privilege to keep IT systems secure.
For example, senior IT admins can delegate access management of line-of-business applications to their owners and grant roles to others on the IT team to manage specific apps.
Admins can create a custom role with just the permissions to manage user and group assignments for specific applications. Once the custom role is created, the centralized IT admin can assign the role to specific IT professionals within the scope of the app, essentially granting the ability to manage user and group assignments.