Tackle the Microsoft Azure Security Challenge 2025 – Secure Your Spot as an AZ-500 Pro!

Using a custom role for permission delegation in Azure is a flexible feature that allows organizations to define a set of specific permissions tailored to their needs. Custom roles can be applied not just at the subscription level but also at the resource group level and even to individual resources, depending on the needs of the organization and its security requirements.

The correct choice indicates that custom roles can be used primarily within the bounds of the Azure Active Directory (Azure AD) tenant, which is associated with the domain, such as contoso.com. However, custom roles are not restricted to just a single domain. They can be implemented across various scopes, including resource groups and subscriptions within that tenant.

In this context, it is important to recognize that custom roles offer a broad range of applications and can be utilized more extensively than just a single domain. They can effectively manage permissions across different resources and subscriptions as long as they fall under the Azure AD tenant's governance.

Custom roles empower organizations to create a fine-tuned permission model that adheres to the principle of least privilege, thereby enhancing security and operational efficiency. This capability to use custom roles across multiple scopes results in a more robust and adaptable security posture for managing access rights.