Access management in Azure is about controlling who can do what, on which resource, and at what scope. In a cloud environment, resources are highly interconnected, and misconfigured permissions are one of the most common causes of security incidents. This module focuses on ensuring that access is intentional, minimal, and auditable.
Azure achieves this primarily through Azure role-based access control (Azure RBAC). Instead of giving broad permissions, you assign roles that contain only the permissions required to perform a task. These roles can be applied to users, groups, applications, or managed identities, and they can be scoped very narrowly.
Beyond human users, modern cloud solutions rely heavily on applications and services talking to each other. These applications also need access to resources like storage accounts, databases, and Key Vault. Managing secrets for these apps manually is risky and error-prone. For this reason, Azure provides managed identities, which remove the need for applications to store credentials at all.
This module also introduces Azure Key Vault for protecting secrets, keys, and certificates, and Microsoft Entra Permission Management, which helps organizations discover and reduce excessive permissions across cloud environments.
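To make "minimal and auditable" concrete, the following added example (not part of the original module) reviews a list of role assignments and flags broad built-in roles granted at wide scopes or to workload identities. It assumes records carrying the principalName, principalType, roleDefinitionName and scope fields found in the JSON output of `az role assignment list --all`; the function names, the choice of which roles count as broad, and the sample data are assumptions made for illustration.

```python
# Added example: review role assignments for broad roles at wide scopes.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
WIDE_LEVELS = {"root", "management_group", "subscription"}

def scope_level(scope):
    """Classify an Azure RBAC scope string by how much it covers."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if not parts:
        return "root"
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management_group"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource_group"
    return "resource"

def audit(assignments):
    """Return (principal, role, level, reason) for assignments to review."""
    findings = []
    for a in assignments:
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        who = a.get("principalName") or a["principalId"]
        if role not in BROAD_ROLES:
            continue
        if level in WIDE_LEVELS:
            findings.append((who, role, level, "broad role at wide scope"))
        elif a["principalType"] == "ServicePrincipal":
            findings.append((who, role, level, "broad role held by a workload identity"))
    return findings

# Constructed sample (simplified); subscription ID and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-orders"
SAMPLE = [
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "storage-readers", "principalType": "Group",
     "roleDefinitionName": "Storage Blob Data Reader",
     "scope": RG + "/providers/Microsoft.Storage/storageAccounts/storders"},
    {"principalName": "app-orders-mi", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "app-orders-mi", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User",
     "scope": RG + "/providers/Microsoft.KeyVault/vaults/kv-orders"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Managed identities appear with principalType ServicePrincipal, which is why the second check treats that type as a workload identity. The two narrowly scoped data-plane assignments in the sample pass without a finding.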