Automate Azure Role Based Access Control (RBAC) using GitHub

2022-08-25

Managing Azure Role-Based Access Control (RBAC) manually is one of those governance problems that scales badly — custom role definitions drift, changes lack audit trails, and there is no systematic way to review or approve modifications. In this episode, Chris is joined by Marcel Lupo, DevOps MVP and Solutions Architect at Avanade, who demonstrates a practical approach to automating the entire RBAC role definition lifecycle using GitHub Actions.

This is not a typical “developers building applications” GitHub story. Marcel focuses on the operational and governance angle: treating Azure RBAC definitions as code, version-controlled in a GitHub repository, with automated CI/CD pipelines to deploy and maintain them. The same composable, public reusability that makes GitHub Actions powerful for application development makes it equally powerful for infrastructure governance.

Key topics covered:

  • Why GitHub is a natural fit for governance and security automation, not just application code
  • Treating custom RBAC role definitions as code: version-controlled, auditable, and reviewed via pull requests
  • Using GitHub Actions workflows as reusable, composable automation units — similar to Azure DevOps pipeline templates but open and shareable
  • How this pattern supports enterprise governance requirements and eliminates configuration drift
  • Marcel’s practical experience implementing GitOps-style governance for Azure security at scale

If you want to apply Infrastructure as Code and GitOps principles to your Azure security posture, this session gives you a concrete, low-barrier pattern using tools your team likely already uses.
