Preparing exam SC – 300 – Identity and Access Administrator – Associate Configure and manage custom Azure Active Directory roles – Study material – Part 2

Creating custom role definition - Azure Active Directory admin center - assigning the permissions for new custom role definition
Creating custom role definition - Azure Active Directory admin center - assigning the permissions for new custom role definition

Hi All,

Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY 🙂

As I am preparing for the exam SC – 300, I am keep sharing the study material 🙂

In last article Preparing exam SC – 300 – Identity and Access Administrator – Associate Configure and manage Azure Active Directory roles – Study material – Part 1 we discussed about – What are Azure AD Roles, how to assign those roles to the user from Azure Active Directory admin center portal

In this article we will proceed further and will discuss how to create custom Azure role definition and assign to the user from Azure Active Directory admin center portal

If you still didn’t got a chance to go through last article please have a look once

So LETS BEGIN THE FUN 🙂

Creating and assigning Custom Azure AD Role definition from Azure portal :

  • A custom role definition is a collection of permissions that we add from a preset list.
  • These permissions are the same permissions used in the built-in roles.
  • To create custom role definition we need to navigate to “Roles and administrators” page
  • First navigating to “Azure Active Directory admin center” as
Creating custom role definition - Azure Active Directory admin center
Fig : Creating custom role definition – Azure Active Directory admin center – navigating to “Roles and administrator”
  • Once we navigated to “Roles and administrators” page we have first link to create custom role – “+ New custom role” as shown in below fig
Creating custom role definition - Azure Active Directory admin center - "Roles and administrators" page - "+ New custom role" option
Fig : Creating custom role definition – Azure Active Directory admin center – “Roles and administrators” page – “+ New custom role” option
  • On click of “+ New custom role” we will be redirected to “New custom role” page as shown in below fig
Creating custom role definition - Azure Active Directory admin center - New custom role page
Fig : Creating custom role definition – Azure Active Directory admin center – New custom role page
  • On “New custom role” page, specify the require details basically – Name, Description and Baseline permissionseither to create from scratch or we need to clone and update from existing custom role in case available
Creating custom role definition - Azure Active Directory admin center - Basics details for new custom role definition on "New custom role" page
Fig : Creating custom role definition – Azure Active Directory admin center – Basics details for new custom role definition on “New custom role” page
  • After having basic details on “Permissions” tab select the respective permissions as shown in below Fig.
  • For now, only permissions for “Application Registrations” are supported.
 Creating custom role definition - Azure Active Directory admin center - assigning the permissions for new custom role definition
Fig : Creating custom role definition – Azure Active Directory admin center – assigning the permissions for new custom role definition
  • Here, for our custom role definition we have added permissions to read and update App properties as shown in below fig
Creating custom role definition - Azure Active Directory admin center - assigning the permissions for new custom role definition
Fig : Creating custom role definition – Azure Active Directory admin center – assigning the permissions for new custom role definition
  • Once permissions are set click on “Next” button as in above fig
  • We will be redirected to “Review + create” tab as in below fig
  • Please have a look and if newly created custom role definition is final then please click on “Create” button at the bottom
Creating custom role definition - Azure Active Directory admin center - finalizing custom role definition and creating
Fig : Creating custom role definition – Azure Active Directory admin center – finalizing custom role definition and creating
  • On successful creation we will newly created custom role definition on “Roles and administrators” page as shown in below fig
Creating custom role definition - Azure Active Directory admin center - New custom policy listed on "Roles and administrators" page
Fig : Creating custom role definition – Azure Active Directory admin center – New custom role definition listed on “Roles and administrators” page
  • We have new custom role definition ready 🙂 Lets assign this custom role definition to user
  • We can assign new custom role definition to the user from “Add assignments” page as shown in below fig
  • In last article we already have detailed steps for assigning role definition to the user
Creating custom role definition - Azure Active Directory admin center - assigning new custom role definition to user
Fig : Creating custom role definition – Azure Active Directory admin center – assigning new custom role definition to user
  • Select the respective settings as shown in below fig
  • For active assignment type we need to specify proper justification as well
Creating custom role definition - Azure Active Directory admin center - assigning new custom role definition to user - settings
Fig : Creating custom role definition – Azure Active Directory admin center – assigning new custom role definition to user – settings
  • As we are ready, just click on “Assign” button on “Add assignment >> Settings” tab as shown in above fig
  • On click of “Assign” button we will be redirected to “Assigned roles” page and there progress could be seen as shown in below fig
Creating custom role definition - Azure Active Directory admin center - custom role definition assignment progress on "Assigned roles" page
Fig : Creating custom role definition – Azure Active Directory admin center – custom role definition assignment progress on “Assigned roles” page
  • On successful assignment, on user profile page under “Assigned roles” we could see the our new custom role definition is listed as shown in below fig
Creating custom role definition - Azure Active Directory admin center - User Profile >> Assigned roles >> new custom role definition assigned to the user
Fig : Creating custom role definition – Azure Active Directory admin center – User Profile >> Assigned roles >> new custom role definition assigned to the user

In this way could create and assign new custom role definition from Azure portal. We could also create and assign new custom role definition using PowerShell and Graph APIs. I’ll write separate articles on those 🙂

Next article : In next article we will discuss next topic from the exam syllabus – Configure and manage custom domains

Thanks for reading 🙂 If its worth at least reading once, kindly please like and share 🙂 SHARING IS CARING 🙂

Share In Teams:

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂  

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

2 Responses

  1. March 19, 2021

    […]  Preparing exam SC – 300 – Identity and Access Administrator – Associate Configure and manage c…  […]

  2. March 21, 2021

    […] Preparing exam SC – 300 – Identity and Access Administrator – Associate Configure and manage custom Azure Active Directory roles – Study material – Part 2 Preparing exam SC – 300 – Identity and Access Administrator – Associate Configure and manage c… […]

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: