Azure AD Connect; PIM Manage role-based access control (RBAC) Create a custom role Provide access to Azure resources by assigning roles Subscriptions Resource groups Resources (VM, disk, etc.)  

