
How to secure your RBAC infrastructure in Azure

by Jeff Christman
Senior Consultant, Cloud Security

RBAC stands for role-based access control. In Azure, it is Microsoft's mechanism for assigning roles and permissions to users and groups. More broadly, it is an important concept in cybersecurity: users are grouped so that each group can be given a common set of permissions.

Figure: Managing multiple role assignments in Azure RBAC | Source: Microsoft

RBAC played a big role in one of my recent projects. The problem I'm seeing is that AWS and other vendors implement their RBAC settings differently than Microsoft does. When you migrate from one to another, you run into a lot of issues and have to be very careful about how that structure gets built; that is what prompted this recent project.

Let's stick with the example of AWS. When you migrate your RBAC from AWS to Azure, there is a misalignment because AWS doesn't have nearly as fine-grained control: you don't have as many permission settings as you do in Azure RBAC. Many times there will be too many people with too much permission. For example, you may have twenty admins who have too much control, and you have to trim that list of admins to as few as possible. Or you may discover people with access to directories they shouldn't have access to. Be aware of what the permissions are and make sure people don't have access to places they don't need to be. This goes back to the Zero Trust framework: settle on the least privilege needed to do the job.
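As an added example (not part of the article), here is a Python audit that reads an exported list of role assignments and flags principals holding Owner, Contributor or User Access Administrator at subscription or management-group scope, which is where the "too many admins" problem shows up first. It assumes the field names produced by `az role assignment list --all -o json`; the sample assignments and subscription id are constructed.

```python
# Added example (not from the article): audit an export of Azure role assignments
# for principals holding broad roles at subscription or management-group scope.
# Assumes the input shape of `az role assignment list --all -o json`
# (principalName, principalType, roleDefinitionName, scope); sample data is constructed.
import json
from collections import defaultdict

# Built-in roles that grant broad write or permission-management rights.
HIGH_PRIVILEGE_ROLES = {"Owner", "Contributor", "User Access Administrator"}

SUB = "/subscriptions/11111111-aaaa-bbbb-cccc-222222222222"  # constructed id
SAMPLE_ASSIGNMENTS = json.dumps([  # constructed post-migration snapshot
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "carol@contoso.example", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "ops-team", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-finance"},
    {"principalName": "dave@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/providers/Microsoft.Management/managementGroups/root"},
])

def scope_level(scope: str) -> str:
    """Classify an ARM scope string by how broad it is."""
    s = scope.lower()
    if "/managementgroups/" in s:
        return "managementGroup"
    if "/resourcegroups/" in s:
        # Anything below the resource group segment is an individual resource.
        rest = s.split("/resourcegroups/", 1)[1]
        return "resource" if "/providers/" in rest else "resourceGroup"
    if s.startswith("/subscriptions/"):
        return "subscription"
    return "other"

def find_overprivileged(raw_json: str) -> dict:
    """Return broad-scope high-privilege assignments plus a headcount per role."""
    findings, holders = [], defaultdict(set)
    for a in json.loads(raw_json):
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        if role in HIGH_PRIVILEGE_ROLES and level in ("managementGroup", "subscription"):
            findings.append({"principal": a["principalName"], "type": a["principalType"],
                             "role": role, "scope": a["scope"], "level": level})
            holders[role].add(a["principalName"])
    return {"findings": findings, "admin_count": {r: len(p) for r, p in holders.items()}}
```

Run it against a real export by replacing SAMPLE_ASSIGNMENTS with the file contents; the Contributor on a single resource group is deliberately not flagged, since the point is to shrink the broad-scope admin list first.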

The issue comes from the fact that RBAC seems deceptively simple.


About Jeff Christman

Jeff Christman is a distinguished Navy Veteran boasting more than two decades of expertise in the Information Technology sector. He possesses a specialized focus on cloud migration projects, having contributed his skills to prestigious organizations including Raytheon, AT&T, and NASA. Presently, he holds the position of Senior Cloud Security Consultant at a prominent consulting firm. Beyond his professional endeavors, Jeff is an accomplished author and educator, developing and publishing content and courses for renowned platforms such as Pluralsight.com, Techsnips.io, and Adamtheautomator.com.

Outside of his professional pursuits, Jeff enjoys engaging in fantasy football, exploring advancements in technology, and playfully teasing his teenage daughters.
