Home › Azure AZ-500 › cloudcomputing › az500identityaccess › Which Microsoft Entra ID feature lets an admin d…
Which Microsoft Entra ID feature lets an admin define a custom role with EXACTLY the actions and notActions needed — not just a built-in role like Reader or Contributor?
ASharing the Owner password
BCustom Azure roles (defined as JSON with permitted actions / dataActions / notActions and a scope list)
CPer-resource manual ACL editing each Monday
DDisabling RBAC
Answer & Solution
Correct answer: B. Custom Azure roles (defined as JSON with permitted actions / dataActions / notActions and a scope list)
Custom roles are the precision-scope primitive (per AZ-500 §1 custom roles). The others are anti-patterns.
Related questions
Which Microsoft Entra ID feature lets a security engineer detect risky user behaviour (impWhich Microsoft Entra capability lets an admin enforce per-user MFA via a Conditional AcceWhich Microsoft Entra ID feature lets a developer register an app and obtain a CLIENT ID aWhich Azure / Microsoft Entra feature lets an admin enforce 'block sign-in from countries Which Microsoft Entra ID feature lets an admin enforce 'every privileged role activation mWhich Microsoft Entra ID feature should an admin use to require user CONSENT to specific OWhich Azure resource feature lets an Azure VM / App Service / Function App authenticate toWhich Microsoft Entra ID construct represents the identity of a non-human workload (an app