The billing unit of Azure Services that aggregates all the costs of the underlying resources. - ✔✔Azure
Subscriptions
An identity in Azure Active
Directory (AAD) or a directory that is trusted by AAD, such as a work or
school organization. - ✔✔Azure Accounts
Also known as the account owner, this person is responsible for paying the subscription bill to Microsoft
when it is due. Normally, this user has financial responsibilities in your company such as CFO, Accounts
Payable Lead etc. - ✔✔Account Administrator
Also known as the Service Owner. This user manages the services that run in Windows Azure. They will
have access to and use the Windows Azure Developer Portal or Service Management API to orchestrate
the applications and data running in Azure. Normally, the user is a developer, system administrator, or
other IT person responsible for IT services in your company. - ✔✔Service Administrator
When an enterprise becomes too large for a single Service Administrator, the Service Administrator can
create this role for other IT administrators to help them out. They will have complete access to the
subscription services. They can even add or delete other users in the same role. However, they cannot
remove the Service Owner nor do they have access to payment/billing information. - ✔✔CoAdministrators
The Microsoft-recommended way to manage the permissions of your resources. However, this will not
work with Azure's classic deployment model. - ✔✔Role-Based Access Control
Global Administrator - ✔✔Users who are assigned this role can read and modify every administrative
setting in your Azure AD organization. By default this role is given to the user that signed up for the
Azure subscription. It is one of the two roles that have the ability to delegate administrator roles. To
reduce the risk to your business, it is recommended by Microsoft that you assign this role to the fewest
possible people in your organization.
Application Developer - ✔✔Users in this role can create application registrations when the "Users can
register applications" setting is set to No. This role also grants permission to consent on one's own
behalf when the "Users can consent to apps accessing company data on their behalf" setting is set to
No. Users assigned to this role are added as owners when creating new application registrations or
enterprise applications.
Application Administrator - ✔✔This role grants the ability to manage application credentials. Users
assigned this role can add credentials to an application, and use those credentials to impersonate the
application's identity.
Authentication Administrator - ✔✔Users with this role can set or reset non-password credentials and
can update passwords for all users. Authentication Administrators can require users to re-register
against existing non-password credential