Azure Policy built-in definitions for Azure RBAC
This page is an index of Azure Policy built-in policy definitions for Azure RBAC. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.
The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.
Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
---|---|---|---|
Audit usage of custom RBAC rules | Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling. | Audit, Disabled | 1.0.0 |
Custom subscription owner roles should not exist | This policy ensures that no custom subscription owner roles exist. | Audit, Disabled | 2.0.0 |
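To make the two rows above concrete, the following added example (not Microsoft's policy rule and not code from this page) evaluates constructed role definitions offline, in the shape `az role definition list --custom-role-only true` returns (`roleName`, `roleType`, `permissions`, `assignableScopes`). It lists every custom role for the review the first policy asks for, and it flags "custom subscription owner" roles using an assumed approximation of what the second policy catches: a `CustomRole` whose `permissions[].actions` contains the bare wildcard `*` (not cancelled by `*` in `notActions`) and whose `assignableScopes` reaches a whole subscription or wider (tenant root or a management group). The scope shapes, the sample role data and the function names are assumptions made for this example.

```python
"""Offline approximation of the condition behind the built-in policy
'Custom subscription owner roles should not exist', run over constructed
role definitions. Added example; it is not the policy's own rule."""


def is_subscription_or_wider(scope: str) -> bool:
    """Return True for tenant root, a management group, or a whole subscription.

    Anything deeper (resource group, individual resource) is narrower than a
    subscription. Assumption for this example: these three scope shapes are
    what counts as subscription-owner reach.
    """
    parts = [p for p in scope.strip("/").split("/") if p]
    if not parts:                                   # "/" is the tenant root
        return True
    if len(parts) == 2 and parts[0].lower() == "subscriptions":
        return True                                 # /subscriptions/<id>
    if (len(parts) == 4 and parts[0].lower() == "providers"
            and parts[1].lower() == "microsoft.management"
            and parts[2].lower() == "managementgroups"):
        return True                                 # /providers/Microsoft.Management/managementGroups/<name>
    return False


def grants_all_actions(role: dict) -> bool:
    """True when any permissions[].actions entry is the bare wildcard '*'
    and the same permission block does not exclude everything again via
    a bare '*' in notActions. Action strings are compared case-insensitively."""
    for perm in role.get("permissions", []):
        actions = {a.strip().lower() for a in perm.get("actions", [])}
        not_actions = {a.strip().lower() for a in perm.get("notActions", [])}
        if "*" in actions and "*" not in not_actions:
            return True
    return False


def is_custom_subscription_owner(role: dict) -> bool:
    """Custom role + wildcard actions + at least one subscription-or-wider scope."""
    return (
        role.get("roleType") == "CustomRole"
        and grants_all_actions(role)
        and any(is_subscription_or_wider(s) for s in role.get("assignableScopes", []))
    )


def find_custom_roles(roles):
    """Every custom role: the set the 'Audit usage of custom RBAC rules' policy
    treats as an exception needing review."""
    return [r["roleName"] for r in roles if r.get("roleType") == "CustomRole"]


def find_custom_subscription_owners(roles):
    """Names of roles that violate the 'custom subscription owner' condition."""
    return [r["roleName"] for r in roles if is_custom_subscription_owner(r)]


# Constructed sample input (not real tenant data); subscription ID is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ROLE_DEFINITIONS = [
    {"roleName": "Custom Owner Clone", "roleType": "CustomRole",
     "permissions": [{"actions": ["*"], "notActions": []}],
     "assignableScopes": [SUB]},                                   # flagged
    {"roleName": "RG Admin", "roleType": "CustomRole",
     "permissions": [{"actions": ["*"], "notActions": []}],
     "assignableScopes": [SUB + "/resourceGroups/prod-rg"]},      # resource-group scope only
    {"roleName": "VM Operator", "roleType": "CustomRole",
     "permissions": [{"actions": ["Microsoft.Compute/virtualMachines/*"], "notActions": []}],
     "assignableScopes": [SUB]},                                   # scoped wildcard, not '*'
    {"roleName": "Owner", "roleType": "BuiltInRole",
     "permissions": [{"actions": ["*"], "notActions": []}],
     "assignableScopes": ["/"]},                                   # built-in, out of scope
    {"roleName": "Root Admin", "roleType": "CustomRole",
     "permissions": [{"actions": ["Microsoft.Storage/*", "*"], "notActions": []}],
     "assignableScopes": ["/providers/Microsoft.Management/managementGroups/corp"]},  # flagged
]


if __name__ == "__main__":
    print("custom roles to review:", find_custom_roles(SAMPLE_ROLE_DEFINITIONS))
    print("custom subscription owner roles:", find_custom_subscription_owners(SAMPLE_ROLE_DEFINITIONS))
```

Feed it the JSON from `az role definition list --custom-role-only true` to get a quick local read before the policy's compliance scan runs. Note the edge cases it deliberately separates: a wildcard limited to a resource group is not subscription-wide, a provider-scoped wildcard such as `Microsoft.Compute/virtualMachines/*` is not `*`, and built-in roles are never reported because both policies concern custom roles only.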
- See the built-ins on the Azure Policy GitHub repo.
- Review the Azure Policy definition structure.
- Review Understanding policy effects.