Preparing exam SC – 300 – Identity and Access Administrator – Associate Configure and manage custom Azure Active Directory roles – Study material – Part 2

Hi All,
Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY 🙂
As I am preparing for the exam SC – 300, I keep sharing the study material 🙂
In the last article, Preparing exam SC – 300 – Identity and Access Administrator – Associate Configure and manage Azure Active Directory roles – Study material – Part 1, we discussed what Azure AD roles are and how to assign those roles to a user from the Azure Active Directory admin center portal.
In this article we will go further and discuss how to create a custom Azure AD role definition and assign it to a user from the Azure Active Directory admin center portal.
If you haven’t had a chance to go through the last article yet, please have a look at it once.
So LET’S BEGIN THE FUN 🙂
Creating and assigning a custom Azure AD role definition from the Azure portal:
- A custom role definition is a collection of permissions that we add from a preset list.
- These permissions are the same permissions used in the built-in roles.
- To create a custom role definition we need to navigate to the “Roles and administrators” page.
- First, navigate to the “Azure Active Directory admin center”.

- Once we have navigated to the “Roles and administrators” page, the first link is the one to create a custom role, “+ New custom role”, as shown in the figure below.

- On clicking “+ New custom role” we are redirected to the “New custom role” page, as shown in the figure below.
- On the “New custom role” page, specify the required details: Name, Description and Baseline permissions (either start from scratch, or clone and update an existing custom role if one is available).

- After entering the basic details, select the respective permissions on the “Permissions” tab, as shown in the figure below.
- For now, only permissions for “Application Registrations” are supported.

- Here, for our custom role definition, we have added permissions to read and update app properties, as shown in the figure below.

- Once the permissions are set, click the “Next” button, as in the figure above.
- We will be redirected to the “Review + create” tab, as in the figure below.
- Review the details and, if the new custom role definition is final, click the “Create” button at the bottom.

- On successful creation we will see the newly created custom role definition on the “Roles and administrators” page, as shown in the figure below.

- We have the new custom role definition ready 🙂 Let’s assign this custom role definition to a user.
- We can assign the new custom role definition to the user from the “Add assignments” page, as shown in the figure below.
- The last article already has the detailed steps for assigning a role definition to a user.

- Select the respective settings, as shown in the figure below.
- For the active assignment type we also need to specify a proper justification.

- When we are ready, just click the “Assign” button on the “Add assignment >> Settings” tab, as shown in the figure above.
- On clicking the “Assign” button we are redirected to the “Assigned roles” page, where the progress can be seen, as shown in the figure below.

- On successful assignment, our new custom role definition is listed on the user profile page under “Assigned roles”, as shown in the figure below.

In this way we can create and assign a new custom role definition from the Azure portal. We can also create and assign a new custom role definition using PowerShell and Graph APIs. I’ll write separate articles on those 🙂
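The same role definition and assignment scripted with the Microsoft Graph PowerShell SDK, as an added example that is not from the original article. The display name, description and user principal name are constructed placeholders, and the two permission strings are assumed to match the read and update permissions selected in the portal steps above.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK and an account
# that is allowed to manage directory roles.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All'

# Constructed sample values; replace with your own.
$displayName = 'App Registration Property Editor'
$description = 'Can read and update properties of application registrations.'
$userUpn     = 'user@contoso.example'

# Assumed equivalents of the portal selection: read and update app properties.
$rolePermissions = @(
    @{
        allowedResourceActions = @(
            'microsoft.directory/applications/allProperties/read',
            'microsoft.directory/applications/basic/update'
        )
    }
)

# Reuse the definition if it already exists so the script can be re-run safely.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$displayName'"
if (-not $role) {
    $role = New-MgRoleManagementDirectoryRoleDefinition `
        -DisplayName $displayName -Description $description `
        -RolePermissions $rolePermissions -IsEnabled `
        -TemplateId (New-Guid).Guid
}

# '/' is tenant-wide; '/<app registration object id>' limits the role to one app.
$scope = '/'
$user  = Get-MgUser -Filter "userPrincipalName eq '$userUpn'"
if (-not $user) { throw "User $userUpn not found." }

# This creates a direct assignment, not a PIM eligible one. Skip it if the
# same principal already holds the role at this scope.
$existing = Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "roleDefinitionId eq '$($role.Id)'" |
    Where-Object { $_.PrincipalId -eq $user.Id -and $_.DirectoryScopeId -eq $scope }
if (-not $existing) {
    New-MgRoleManagementDirectoryRoleAssignment `
        -DirectoryScopeId $scope -RoleDefinitionId $role.Id -PrincipalId $user.Id
}

# Review what the role grants and who holds it.
$role.RolePermissions.AllowedResourceActions
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'" |
    Select-Object PrincipalId, DirectoryScopeId
```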
Next article: In the next article we will discuss the next topic from the exam syllabus: Configure and manage custom domains
Thanks for reading 🙂 If it’s worth reading at least once, kindly like and share 🙂 SHARING IS CARING 🙂
Enjoy the beautiful life 🙂 Have FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂