Which feature allows for management of permissions in Azure AD?

Azure Role-Based Access Control (RBAC) is the feature in Azure Active Directory (Azure AD) that provides fine-grained access management. RBAC enables you to assign roles to users and groups, defining what actions those roles can perform on specific resources within Azure. This mechanism allows administrators to restrict access and permissions based on the principle of least privilege, ensuring that users only have the access necessary for their responsibilities.

With RBAC, there are built-in roles like Owner, Contributor, and Reader, as well as the ability to create custom roles tailored to specific needs. This flexibility is crucial in managing large teams and resources, as it allows organizations to enforce security policies effectively while enabling users to perform their jobs without cluttered permission sets.

In contrast, while Azure Policy governs what resources can be created and how they can be configured in Azure, it does not manage user permissions. Azure Resource Manager (ARM) is primarily used for deploying and managing resources in Azure, but it also does not serve the purpose of permission management directly. Azure Site Recovery focuses on disaster recovery solutions and does not pertain to permission management within Azure AD. Therefore, RBAC is the most relevant feature for managing permissions in Azure AD.