Microsoft Azure Security Technologies (AZ-500)

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Practice this question and more.

Where can you use a custom role for permission delegation in Azure?

contoso.com only
contoso.com and RG1 only
contoso.com and Subscription1 only
contoso.com, RG1, and Subscription1

The correct answer is: contoso.com only

Using a custom role for permission delegation in Azure is a flexible feature that allows organizations to define a set of specific permissions tailored to their needs. Custom roles can be applied not just at the subscription level but also at the resource group level and even to individual resources, depending on the needs of the organization and its security requirements. The correct choice indicates that custom roles can be used primarily within the bounds of the Azure Active Directory (Azure AD) tenant, which is associated with the domain, such as contoso.com. However, custom roles are not restricted to just a single domain. They can be implemented across various scopes, including resource groups and subscriptions within that tenant. In this context, it is important to recognize that custom roles offer a broad range of applications and can be utilized more extensively than just a single domain. They can effectively manage permissions across different resources and subscriptions as long as they fall under the Azure AD tenant's governance. Custom roles empower organizations to create a fine-tuned permission model that adheres to the principle of least privilege, thereby enhancing security and operational efficiency. This capability to use custom roles across multiple scopes results in a more robust and adaptable security posture for managing access rights.