Azure Administrative Unit, what is it? And how to use it!
Remember the good old days with Active Directory Organizational Units? We where missing this in Azure AD, but it has finally arrived in Azure AD. Especially in bigger organizations you want to divide the organization in different units. Within each administrative unit you can delegate permissions to administrators of each unit so they could control access, manage users and set policies only in their own Administrative unit.
Requirements:
- Administrative Unit Administrators need to have a Azure AD Premium P1 or P2 license
- Administrative Unit members need to have Azure AD Free licenses
Before we can continue, make sure that you have the Priviliged Administator or Global administrator role.
Follow the steps below to implement administrative units.
STEP 1: Go to the Azure Portal
STEP 2: Go to Azure Ad, and select Administrative units
STEP 3: Click on the Add button on top of the page
STEP 4: Fill in the name and description of your new administrative unit
STEP 5: Assign Roles
In this step you can assign admin roles to admins who will have the authorization for this administrative unit. For example, you can grant a Dutch Helpdesk Employee to reset passwords on this administrative unit. Click on Review + create to complete the unit.
STEP 6: Now you can add users, groups and roles and administrators to administrative unit.
That’s it!