Entra ID RBAC Enables Administrative Best Practices

• Entra ID role-based access control manages secure administration of Entra ID (formerly AAD) and affiliated services, including Microsoft 365 services.
• Many Microsoft 365 services provide their own RBAC features with slightly different capabilities, so no one solution provides complete Microsoft 365 management.
• Entra ID RBAC should not be confused with Azure RBAC, although both are necessary for complete control.

Entra ID role-based access control (RBAC) grants principals (users and groups) access to the administrative and data-related tasks using a least-privilege management technique that permits just enough access to perform an administrative role’s tasks, and no more. Entra ID RBAC is used to control access to Entra ID, objects within Entra ID, and applications registered with Entra ID, such as Microsoft 365 and third-party services. Organizations should understand the capabilities and management processes of Entra ID RBAC and how it fits in with Microsoft 365 administration. (This administrative interface was previously called Azure Active Directory [AAD] RBAC prior to the 2023 rebranding of AAD as Entra ID.)