Managing Azure Identities

Managing Azure Identities is a foundational pillar of cloud administration focused on controlling who can access Azure resources and how those resources are organized, secured, and governed across an organization. Unlike traditional on-premises identity management that relies on local directory services and manual access controls, Azure's identity and governance framework provides centralized, scalable mechanisms to manage users, enforce policies, and maintain compliance across cloud environments.

At its core, this discipline works by combining identity services like Microsoft Entra ID, role-based access control (RBAC), and governance tools (such as Azure Policy, resource locks, and management groups), to ensure that the right users have the right access to the right resources. Typical tasks include managing users and groups, configuring access permissions, implementing subscription and resource governance, and applying policies that enforce rules across Azure environments.

For the AZ-104 certification exam, students must demonstrate practical competency in managing identities and governance in Azure, specifically the ability to create and configure Microsoft Entra ID users and groups, assign RBAC roles at various scopes, manage Azure subscriptions (including management groups and resource tags), and apply Azure Policy definitions to enforce organizational standards.