How do I install azure-rbac?

Run `npx skills add https://github.com/microsoft/GitHub-Copilot-for-Azure --skill azure-rbac` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does azure-rbac support?

azure-rbac works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is azure-rbac free to use?

Yes. azure-rbac is free to install and use. It is available from the open Skills registry published by microsoft.

Cloudofficial

azure-rbac▌

Name: azure-rbac
Availability: InStock
Author: microsoft

microsoft/GitHub-Copilot-for-Azure · updated Apr 8, 2026

$npx skills add https://github.com/microsoft/GitHub-Copilot-for-Azure --skill azure-rbac

summary

Find minimal Azure RBAC roles, generate assignment commands, and provide Bicep infrastructure code.

›Identifies built-in roles matching desired permissions using Azure documentation, or generates custom role definitions when no built-in role fits
›Produces Azure CLI commands and Bicep code snippets for role assignments to identities, managed identities, and service principals
›Documents prerequisites for granting roles, including required permissions and recommended least-privilege role

skill.md

23:T4cb,Use the 'azure__documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with the desired permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment. If user is asking about role necessary to set access, refer to Prerequisites for Granting Roles down below:

<h2>Prerequisites for Granting Roles</h2> To assign RBAC roles to identities, you need a role that includes the <code>Microsoft.Authorization/roleAssignments/write</code> permission. The most common roles with this permission are: <ul> <li>User Access Administrator (least privilege - recommended for role assignment only)</li> <li>Owner (full access including role assignment)</li> <li>Custom Role with <code>Microsoft.Authorization/roleAssignments/write</code></li> </ul>1d:["$","div",null,{"className":"prose prose-invert max-w-none prose-headings:font-semibold prose-headings:tracking-tight prose-h1:text-4xl prose-h1:mb-2 prose-h2:text-2xl prose-h2:mb-2 prose-h3:text-lg prose-h3:mb-2 prose-p:text-muted-foreground prose-li:text-muted-foreground prose-code:bg-muted prose-code:text-foreground prose-code:px-1 prose-code:py-0.5 prose-code:rounded-sm prose-code:text-sm prose-code:before:content-none prose-code:after:content-none prose-pre:bg-muted prose-pre:text-foreground prose-pre:border prose-pre:border-border prose-pre:rounded-md [&_table]:!border-[color:var(--border)] [&_th]:!border-[color:var(--border)] [&_td]:!border-[color:var(--border)]","dangerouslySetInnerHTML":{"__html":"$23"}}] 18:[["$","meta","0",{"charSet":"utf-8"}],["$","meta","1",{"name":"viewport","content":"width=device-width, initial-scale=1"}]] 16:null