Role-Based Access Control — Solving Microsoft 365

Role-Based Access Control (RBAC) is the pattern of granting access via named roles rather than direct per-user permissions. In Microsoft 365, RBAC appears in many places: Entra ID admin roles (Global Administrator, User Administrator, dozens more) for tenant administration, Defender XDR roles for security operations, Purview roles for compliance, SharePoint site roles (Owners, Members, Visitors), Power Platform environment roles, Intune RBAC roles. Each role bundles specific permissions; assigning a user to a role grants those permissions. Combined with administrative units and PIM, RBAC provides scoped, time-bound, audit-friendly delegation. The right model for managing many users with many access scopes.