Azure Custom Role – Join VM to vNet


A lot of companies need to address their security by avoiding excessive permissions, and as a consultant I don’t want to have more permissions than I need to get the work done.

Here is how we use PowerShell to extract up-to-date permissions from Azure.

Extract to a file:

An example is joining a virtual machine to a vNet. The users have no permissions on the Resource Group or the vNet resource, but we need to allow them to use the network for hosting applications:

We will use JSON code to create the custom role, and import the custom role using PowerShell.

To import using PowerShell, save the code to a .json file and:

Now to wrap this up, we need to assign that role to a resource and group/user:
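The whole procedure described above, as an added example that is not the original post's code. It assumes the Az PowerShell module and a signed-in session; the subscription ID, group object ID, resource names, role name and the three-action list are placeholders or assumptions chosen for illustration.

```powershell
# Added example, not the author's code. All IDs and names below are placeholders.
$subscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder subscription
$groupObjectId  = '11111111-1111-1111-1111-111111111111'   # placeholder group object ID
$vnetScope = "/subscriptions/$subscriptionId/resourceGroups/rg-network" +
             "/providers/Microsoft.Network/virtualNetworks/vnet-shared"  # hypothetical vNet

# 1. Extract the current operations for virtual networks to a file for review.
Get-AzProviderOperation 'Microsoft.Network/virtualNetworks/*' |
    Select-Object Operation, OperationName, IsDataAction |
    Export-Csv -Path .\vnet-operations.csv -NoTypeInformation

# 2. Build the role definition and save it as JSON.
#    Assumed minimal set: read the vNet and its subnets, and join a subnet.
$role = [ordered]@{
    Name             = 'Virtual Network Join (custom)'
    IsCustom         = $true
    Description      = 'Join VMs to a subnet without managing the vNet.'
    Actions          = @(
        'Microsoft.Network/virtualNetworks/read',
        'Microsoft.Network/virtualNetworks/subnets/read',
        'Microsoft.Network/virtualNetworks/subnets/join/action'
    )
    NotActions       = @()
    AssignableScopes = @("/subscriptions/$subscriptionId")
}
$role | ConvertTo-Json -Depth 5 | Set-Content -Path .\vnet-join-role.json -Encoding utf8

# 3. Import the custom role from the .json file.
New-AzRoleDefinition -InputFile .\vnet-join-role.json

# 4. Assign the role to the group, scoped to the single vNet only.
#    A freshly created role can take a short while to become assignable.
New-AzRoleAssignment -ObjectId $groupObjectId `
    -RoleDefinitionName $role.Name -Scope $vnetScope

# 5. Check the stored definition: fail if any action contains a wildcard.
$stored = Get-AzRoleDefinition -Name $role.Name
$wildcards = $stored.Actions | Where-Object { $_ -match '\*' }
if ($wildcards) { throw "Role contains wildcard actions: $($wildcards -join ', ')" }

# 6. List who holds the role on the vNet, for the access review record.
Get-AzRoleAssignment -Scope $vnetScope |
    Where-Object RoleDefinitionName -eq $role.Name |
    Select-Object DisplayName, ObjectType, Scope
```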

But there is a glitch in this matrix: this only works when creating a new VM, not if you're recovering from backup in a Recovery Services Vault.

Please let me know when Microsoft fixes this :)
