diff --git a/cluster/azure.md b/cluster/azure.md
index fa50d9c74f..b167cb6671 100644
--- a/cluster/azure.md
+++ b/cluster/azure.md
@@ -12,6 +12,8 @@ title: Get started with Docker Cluster on Azure
   - Service Principal App Secret
   - Subscription UUID
   - Tenant UUID
+- Organizations wishing to provision roles with explicit permissions should refer to [custom roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles) 
+and [Azure Permissions](https://github.com/kubernetes/cloud-provider-azure/blob/master/docs/azure-permissions.md) for more information.
 
 More information can be found on obtaining these with either the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) or through the [Azure Portal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal).