Azure permissions
This article lists the permissions for Azure resource providers, which are used in built-in roles. You can use these permissions in your own Azure custom roles to provide granular access control to resources in Azure. The permissions are always evolving. To get the latest permissions, use Get-AzProviderOperation or az provider operation list.
Click the resource provider name in the following list to see the list of permissions.
General
Resource provider | Description | Azure service |
---|---|---|
Microsoft.Addons | core | |
Microsoft.Capacity | core | |
Microsoft.Marketplace | core | |
Microsoft.MarketplaceOrdering | core | |
Microsoft.Quota | Azure Quotas | |
Microsoft.Subscription | core |
Compute
Resource provider | Description | Azure service |
---|---|---|
microsoft.app | Azure Container Apps | |
Microsoft.AppPlatform | A fully managed Spring Cloud service, built and operated with Pivotal. | Azure Spring Apps |
Microsoft.AVS | Azure VMware Solution | |
Microsoft.Batch | Cloud-scale job scheduling and compute management. | Batch |
Microsoft.ClassicCompute | Classic deployment model virtual machine | |
Microsoft.Compute | Access cloud compute capacity and scale on demand (such as virtual machines) and only pay for the resources you use. | Virtual Machines Virtual Machine Scale Sets |
Microsoft.ComputeSchedule | Azure Virtual Desktop | |
Microsoft.DesktopVirtualization | The best virtual desktop experience, delivered on Azure. | Azure Virtual Desktop |
Microsoft.ServiceFabric | Develop microservices and orchestrate containers on Windows or Linux. | Service Fabric |
Networking
Resource provider | Description | Azure service |
---|---|---|
Microsoft.Cdn | Ensure secure, reliable content delivery with broad global reach. | Content Delivery Network |
Microsoft.ClassicNetwork | Classic deployment model virtual network | |
Microsoft.MobileNetwork | Azure Private 5G Core | |
Microsoft.Network | Connect cloud and on-premises infrastructure and services to provide your customers and users the best possible experience. | Application Gateway Azure Bastion Azure DNS Azure ExpressRoute Azure FirewallAzure Private Link Azure Route Server Load Balancer Network Watcher Traffic Manager Virtual Network Virtual Network NAT Virtual WAN VPN Gateway |
Storage
Resource provider | Description | Azure service |
---|---|---|
Microsoft.ClassicStorage | Classic deployment model storage | |
Microsoft.DataShare | A simple and safe service for sharing big data with external organizations. | Azure Data Share |
Microsoft.ElasticSan | Azure Elastic SAN | |
Microsoft.NetApp | Enterprise-grade Azure file shares, powered by NetApp. | Azure NetApp Files |
Microsoft.Storage | Get secure, massively scalable cloud storage for your data, apps, and workloads. | Storage |
Microsoft.StorageCache | File caching and Lustre file system capabilities for high-performance computing (HPC). | Azure HPC Cache |
Microsoft.StorageSync | Storage |
Web and Mobile
Resource provider | Description | Azure service |
---|---|---|
Microsoft.CertificateRegistration | Allow an application to use its own credentials for authentication. | App Service Certificates |
Microsoft.DomainRegistration | App Service | |
Microsoft.Maps | Simple and secure location APIs provide geospatial context to data. | Azure Maps |
Microsoft.Media | Encode, store, and stream video and audio at scale. | Media Services |
Microsoft.SignalRService | Add real-time web functionalities easily. | Azure SignalR Service |
microsoft.web | Quickly create and deploy mission critical web apps at scale. | App Service Azure Functions |
Containers
Resource provider | Description | Azure service |
---|---|---|
Microsoft.ContainerInstance | Easily run containers on Azure without managing servers. | Container Instances |
Microsoft.ContainerRegistry | Store and manage container images across all types of Azure deployments. | Container Registry |
Microsoft.ContainerService | Accelerate your containerized application development without compromising security. | Azure Kubernetes Service (AKS) |
Microsoft.RedHatOpenShift | Azure Red Hat OpenShift |
Databases
Resource provider | Description | Azure service |
---|---|---|
Microsoft.Cache | Power applications with high-throughput, low-latency data access. | Azure Cache for Redis |
Microsoft.DBforMariaDB | Managed MariaDB database service for app developers. | Azure Database for MariaDB |
Microsoft.DBforMySQL | Managed MySQL database service for app developers. | Azure Database for MySQL |
Microsoft.DBforPostgreSQL | Managed PostgreSQL database service for app developers. | Azure Database for PostgreSQL |
Microsoft.DocumentDB | A NoSQL document database-as-a-service. | Azure Cosmos DB |
Microsoft.Sql | Managed, intelligent SQL in the cloud. | Azure SQL Database Azure SQL Managed Instance Azure Synapse Analytics |
Microsoft.SqlVirtualMachine | Host enterprise SQL Server apps in the cloud. | SQL Server on Azure Virtual Machines |
Analytics
Resource provider | Description | Azure service |
---|---|---|
Microsoft.AnalysisServices | Enterprise-grade analytics engine as a service. | Azure Analysis Services |
Microsoft.Databricks | Fast, easy, and collaborative Apache Spark-based analytics platform. | Azure Databricks |
Microsoft.DataFactory | Hybrid data integration at enterprise scale, made easy. | Data Factory |
Microsoft.DataLakeAnalytics | Distributed analytics service that makes big data easy. | Data Lake Analytics |
Microsoft.DataLakeStore | Highly scalable and cost-effective data lake solution for big data analytics. | Azure Data Lake Storage Gen2 |
Microsoft.HDInsight | Provision cloud Hadoop, Spark, R Server, HBase, and Storm clusters. | HDInsight |
Microsoft.Kusto | Service for storing and running interactive analytics over Big Data. | Azure Data Explorer |
Microsoft.PowerBIDedicated | Manage Power BI Premium dedicated capacities for exclusive use by an organization. | Power BI Embedded |
Microsoft.Purview | Microsoft Purview | |
Microsoft.Synapse | Azure Synapse Analytics |
AI + machine learning
Resource provider | Description | Azure service |
---|---|---|
Microsoft.BotService | Intelligent, serverless bot service that scales on demand. | Azure Bot Service |
Microsoft.CognitiveServices | Add smart API capabilities to enable contextual interactions. | Cognitive Services |
Microsoft.HealthBot | Azure AI Health Bot | |
Microsoft.MachineLearningServices | Enterprise-grade machine learning service to build and deploy models faster. | Machine Learning |
Microsoft.Search | Leverage search services and get comprehensive results. | Azure AI Search |
Internet of Things
Resource provider | Description | Azure service |
---|---|---|
Microsoft.Devices | Ensure that your users are accessing your resources from devices that meet your standards for security and compliance. | IoT Hub IoT Hub Device Provisioning Service |
Microsoft.DeviceUpdate | Device Update for IoT Hub | |
Microsoft.DigitalTwins | Azure Digital Twins | |
Microsoft.IoTCentral | Experience the simplicity of SaaS for IoT, with no cloud expertise required. | IoT Central |
Microsoft.IoTSecurity | IoT security | |
Microsoft.StreamAnalytics | Real-time data stream processing from millions of IoT devices. | Stream Analytics |
Mixed reality
Resource provider | Description | Azure service |
---|---|---|
Microsoft.MixedReality | Blend your physical and digital worlds to create immersive, collaborative experiences. | Azure Spatial Anchors |
Integration
Resource provider | Description | Azure service |
---|---|---|
Microsoft.ApiManagement | Easily build and consume Cloud APIs. | API Management |
Microsoft.AppConfiguration | Fast, scalable parameter storage for app configuration. | Azure App Configuration |
Microsoft.Communication | Azure Communication Services | |
Microsoft.EventGrid | Get reliable event delivery at massive scale. | Event Grid |
Microsoft.EventHub | Receive telemetry from millions of devices. | Event Hubs |
Microsoft.HealthcareApis | Azure API for FHIR | |
Microsoft.HealthDataAIServices | Azure Health Data Services | |
Microsoft.Logic | Automate the access and use of data across clouds without writing code. | Logic Apps |
Microsoft.NotificationHubs | Send push notifications to any platform from any back end. | Notification Hubs |
Microsoft.Relay | Expose services that run in your corporate network to the public cloud. | Azure Relay |
Microsoft.ResourceNotifications | Azure Event Grid | |
Microsoft.ServiceBus | Connect across private and public cloud environments. | Service Bus |
Microsoft.ServicesHub | Services Hub |
Identity
Resource provider | Description | Azure service |
---|---|---|
Microsoft.AAD | Join Azure virtual machines to a domain without domain controllers. | Microsoft Entra Domain Services |
microsoft.aadiam | ||
Microsoft.ADHybridHealthService | Robust monitoring of your on-premises identity infrastructure. | Microsoft Entra ID |
Microsoft.AzureActiveDirectory | Synchronize on-premises directories and enable single sign-on. | Azure Active Directory B2C |
Microsoft.ManagedIdentity | An automatically managed identity in Microsoft Entra ID that authenticates to any service that supports Microsoft Entra | Managed identities for Azure resources |
Security
Resource provider | Description | Azure service |
---|---|---|
Microsoft.AppComplianceAutomation | App Compliance Automation Tool for Microsoft 365 | |
Microsoft.DataProtection | Data Protection | |
Microsoft.KeyVault | Safeguard and maintain control of keys and other secrets. | Key Vault |
Microsoft.Security | Protect your enterprise from advanced threats across hybrid cloud workloads. | Security Center |
Microsoft.SecurityGraph | ||
Microsoft.SecurityInsights | Microsoft Sentinel |
Migration
Resource provider | Description | Azure service |
---|---|---|
Microsoft.DataBox | Move stored or in-flight data to Azure quickly and cost-effectively. | Azure Data Box |
Microsoft.DataBoxEdge | Appliances and solutions for data transfer to Azure and edge compute. | Azure Stack Edge |
Microsoft.DataMigration | Simplify on-premises database migration to the cloud. | Azure Database Migration Service |
Microsoft.Migrate | Easily discover, assess, right-size, and migrate your on-premises VMs to Azure. | Azure Migrate |
Microsoft.OffAzure | Azure Migrate |
Monitor
Resource provider | Description | Azure service |
---|---|---|
Microsoft.AlertsManagement | Analyze all of the alerts in your Log Analytics repository. | Azure Monitor |
Microsoft.Dashboard | Azure Managed Grafana | |
Microsoft.Insights | Full observability into your applications, infrastructure, and network. | Azure Monitor |
microsoft.monitor | Azure Monitor | |
Microsoft.OperationalInsights | Azure Monitor | |
Microsoft.OperationsManagement | A simplified management solution for any enterprise. | Azure Monitor |
Management and governance
Resource provider | Description | Azure service |
---|---|---|
Microsoft.Advisor | Your personalized Azure best practices recommendation engine. | Azure Advisor |
Microsoft.Authorization | Azure Policy Azure RBAC Azure Resource Manager |
|
Microsoft.Automation | Simplify cloud management with process automation. | Automation |
Microsoft.Billing | Manage your subscriptions and see usage and billing. | Cost Management + Billing |
Microsoft.BillingBenefits | Azure savings plans | |
Microsoft.Blueprint | Enabling quick, repeatable creation of governed environments. | Azure Blueprints |
Microsoft.Consumption | Programmatic access to cost and usage data for your Azure resources. | Cost Management |
Microsoft.CustomerLockbox | Interface for customers to review and approve or reject customer data access requests. | Customer Lockbox for Azure |
Microsoft.Features | Azure Resource Manager | |
Microsoft.GuestConfiguration | Audit settings inside a machine using Azure Policy. | Azure Policy |
Microsoft.Intune | Enable your workforce to be productive on all their devices, while keeping your organization's information protected. | |
Microsoft.Maintenance | Azure Maintenance | |
Microsoft.ManagedServices | Azure Lighthouse | |
Microsoft.Management | Use management groups to efficiently apply governance controls and manage groups of Azure subscriptions. | Management Groups |
Microsoft.PolicyInsights | Summarize policy states for the subscription level policy definition. | Azure Policy |
Microsoft.Portal | Build, manage, and monitor all Azure products in a single, unified console. | Azure portal |
Microsoft.RecoveryServices | Hold and organize backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. | Site Recovery |
Microsoft.ResourceGraph | Powerful tool to query, explore, and analyze your cloud resources at scale. | Azure Resource Graph |
Microsoft.ResourceHealth | Diagnose and get support for service problems that affect your Azure resources. | Azure Service Health |
Microsoft.Resources | Deployment and management service for Azure that enables you to create, update, and delete resources in your Azure subscription. | Azure Resource Manager |
Microsoft.Solutions | Find the solution to meet the needs of your application or business. | Azure Managed Applications |
Hybrid + multicloud
Resource provider | Description | Azure service |
---|---|---|
Microsoft.AzureStack | Build and run innovative hybrid applications across cloud boundaries. | Azure Stack |
Microsoft.AzureStackHCI | Azure Stack HCI | |
Microsoft.ExtendedLocation | Custom locations | |
Microsoft.HybridCompute | Azure Arc | |
Microsoft.HybridConnectivity | ||
Microsoft.HybridContainerService | ||
Microsoft.Kubernetes | Azure Arc-enabled Kubernetes | |
Microsoft.KubernetesConfiguration | Azure Arc-enabled Kubernetes | |
Microsoft.ResourceConnector |