Managing administrative units – Planning and Managing Roles in Microsoft 365
Administrative units are collections of users and devices that can be delegated to certain administrators. In on-premises AD, you can delegate control of administrative functions using the Delegation of Control Wizard in Active Directory Users and Computers or the Active Directory Administrative Center. Unlike on-premises AD, Azure AD is not hierarchical, so delegation must be achieved by defining boundaries and then controlling which users or devices are placed inside those boundaries.
Administrative units can be role-scoped – that is, administrators can both be granted administrative roles (such as Helpdesk Administrator) and be limited to administrative tasks only for assigned administrative units.
Creating administrative units
In the following example, we’ll create an administrative unit called California that will be used to hold users in that region. During creation, we’ll configure administrators to be able to perform role-scoped activities inside that administrative unit:
- Navigate to the Microsoft 365 admin center (https://admin.microsoft.com) and log in with a Global Administrator credential.
- Expand Roles | Role assignments and click Administrative units.

Figure 6.5 – The Administrative units page
- Click Add unit.
- On the Basics page, enter a name and description, and then click Next.

Figure 6.6 – The Basics page
- On the Optional settings | Add members page, you can add members to the administrative unit or click Next to proceed.

Figure 6.7 – The Add members page
- On the Assign admins to scoped roles page, review the roles listed. Not all roles can be scoped to administrative units. In this example, select the checkbox next to User Administrator, and then click the role name itself.

Figure 6.8 – Adding roles
- On the User Administrator flyout, click the Assigned tab.

Figure 6.9 – The User Administrator flyout
- Click Add users or Add groups to assign administrators to this role. Click Close when finished.

Figure 6.10 – Adding users to a role
- On the Assign admins to scoped roles page, click Next.
- On the Review and finish page, review your selections, make any changes, and then click Add.
- Click Done to return to the Administrative units page.
One of the features of role-scoped administration is being able to limit what users or objects can be impacted by a particular administrator. As you saw during the configuration, only a subset of the roles available in the tenant honor administrative unit scoping.
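The admin center steps above can also be scripted. The following is an added example, not part of the original text, and it assumes the Microsoft Graph PowerShell SDK is installed; the administrator UPN and the description text are placeholders.

```powershell
# Added example: create the California administrative unit and assign a
# User Administrator scoped to it. Values marked "placeholder" are assumptions.
$ErrorActionPreference = 'Stop'
$UnitName = 'California'
$RoleName = 'User Administrator'
$AdminUpn = 'ca-admin@contoso.example'   # placeholder account

Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All',
                        'RoleManagement.ReadWrite.Directory',
                        'User.Read.All'

# Reuse the unit if it already exists; stop if the name matches more than one.
$units = @(Get-MgDirectoryAdministrativeUnit -Filter "displayName eq '$UnitName'")
if ($units.Count -gt 1) { throw "More than one administrative unit is named '$UnitName'." }
$unit = if ($units.Count -eq 1) { $units[0] } else {
    New-MgDirectoryAdministrativeUnit -DisplayName $UnitName `
        -Description 'Users in the California region'   # placeholder text
}

# A scoped role membership points at a directoryRole object, which exists only
# after the role has been activated from its template.
$role = Get-MgDirectoryRole -Filter "displayName eq '$RoleName'"
if (-not $role) {
    $template = Get-MgDirectoryRoleTemplate | Where-Object DisplayName -eq $RoleName
    $role = New-MgDirectoryRole -RoleTemplateId $template.Id
}

$admin = Get-MgUser -UserId $AdminUpn

# Add the scoped assignment only if it is not already present.
$current = Get-MgDirectoryAdministrativeUnitScopedRoleMember -AdministrativeUnitId $unit.Id -All
$already = $current | Where-Object {
    $_.RoleId -eq $role.Id -and $_.RoleMemberInfo.Id -eq $admin.Id
}
if (-not $already) {
    New-MgDirectoryAdministrativeUnitScopedRoleMember -AdministrativeUnitId $unit.Id -BodyParameter @{
        roleId         = $role.Id
        roleMemberInfo = @{ id = $admin.Id }
    } | Out-Null
}

# Review step: list every scoped role holder on the unit.
Get-MgDirectoryAdministrativeUnitScopedRoleMember -AdministrativeUnitId $unit.Id -All |
    Select-Object RoleId, @{ Name = 'Admin'; Expression = { $_.RoleMemberInfo.DisplayName } }
```

The final listing is worth reviewing periodically: an account that also holds the same role at directory level is not limited to the administrative unit.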