{"id":1062,"date":"2021-01-04T09:00:00","date_gmt":"2021-01-04T08:00:00","guid":{"rendered":"https:\/\/www.ituziast.com\/?p=1062"},"modified":"2021-09-15T09:33:52","modified_gmt":"2021-09-15T08:33:52","slug":"overview-of-azure-ad-administrative-units","status":"publish","type":"post","link":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/","title":{"rendered":"Overview of Azure AD Administrative Units"},"content":{"rendered":"\n<p>Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD) admin roles. One of the ways how you can delegate administrative roles is Azure Active Directory Administrative Units.<\/p>\n\n\n\n<p>Assigning least possible administrative privileges to users. As result of that, they can access their applications and do their job.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Centralized or delegated permissions?<\/h3>\n\n\n\n<p>As an organization grows, it can be difficult to keep track of which users have specific admin roles. Attackers who get control of privileged accounts can do tremendous damage. Azure has certain Baseline Polices, that enable protection. This policy enforces multi-factor (MFA) authentication on privileged Azure AD accounts. Azure AD roles covered by this policy are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Global Administrator<\/li><li>Groups Administrator<\/li><li>Helpdesk Administrator<\/li><li>License Administrator<\/li><li>Password Administrator<\/li><li>User Administrator<\/li><\/ul>\n\n\n\n<p>How many administrators you have and how granular their permissions are, closely relate to the size and complexity of the environment. The scenarios are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Small proof-of-concept (PoC):<\/strong> one or few administrators do everything. In this case, each one of them is assigned <strong>Global Admin<\/strong> role.<\/li><li><strong>Larger deployment with more machines, applications and desktops:<\/strong> several administrators have more specific functional roles. For example, some could be <strong>Application<\/strong> <strong>Administrators<\/strong>, <strong>Security<\/strong> <strong>Administrators<\/strong>.<\/li><li><strong>Enterprise deployments:<\/strong> complex, hybrid environment will require more granular permissions, as well as some unconventional or hybrid assignments.<\/li><\/ul>\n\n\n\n<p>As a result of this, developing delegating model that fits your needs is important. Recommended steps for this, would be:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Define the roles you need<\/li><li>Delegate app administration<\/li><li>Grant the ability to register applications<\/li><li>Delegate app ownership<\/li><li>Develop a security plan<\/li><li>Establish emergency accounts<\/li><li>Secure your administrator roles<\/li><li>Make privileged elevation temporary<\/li><\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>More info: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/roles\/concept-delegation?WT.mc_id=ES-MVP-5002880\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Active Directory Roles delegation<\/a><\/p><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">What are Azure AD Administrative Units?<\/h3>\n\n\n\n<p>It is an Azure Ad resource that serves as container for other Azure AD resources (only users and groups). Administrative units restrict permissions in a role to any portion of your organization that you define.<\/p>\n\n\n\n<p>They are useful to restrict administrative scope in organizations made up of independent divisions. Examples can be Universities, Government institutions, international companies, etc.<\/p>\n\n\n\n<p>To use them, you need <strong>Azure Active Directory Premium<\/strong> license for each administrative unit admin, and at least Azure Active Directory Free licenses for the members.<\/p>\n\n\n\n<p>The administrator, that will create them, work with users and groups, and assign scoped administrator roles to other users must be <strong>Global<\/strong> <strong>Administrator<\/strong> or a <strong>Privileged<\/strong> <strong>Role<\/strong> <strong>Administrator<\/strong>.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>More info: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/fundamentals\/active-directory-get-started-premium?WT.mc_id=ES-MVP-5002880\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Active Directory Premium<\/a><\/p><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Planning and Managing Azure AD Administrative Units<\/h3>\n\n\n\n<p>You can use administrative units to logically group Azure AD resources. An organization whose IT department is scattered (locally or globally) would create these units that define relevant geographical boundaries. Another scenario would be in case we have sub organization structure with some form of semi autonomy. The Administrative Units will represent individual entity &#8211; sub organization.<\/p>\n\n\n\n<p>Administrative units are a common way to define structure across Microsoft 365 services. Scoped administrators can use Azure AD or Microsoft 365 portal for basic management of users and groups, as well as PowerShell, Microsoft Graph for more advanced operations.<\/p>\n\n\n\n<p>As far as the supported scenarios goes, its like this:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit1.jpg\" alt=\"\" class=\"wp-image-1064 no-lazyload\" width=\"710\" height=\"254\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit1.jpg 947w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit1-300x107.jpg 300w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit1-768x274.jpg 768w\" sizes=\"(max-width: 710px) 100vw, 710px\" \/><figcaption>Administrative Unit management supported options<\/figcaption><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit2.jpg\" alt=\"\" class=\"wp-image-1065 no-lazyload\" width=\"704\" height=\"184\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit2.jpg 939w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit2-300x78.jpg 300w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit2-768x200.jpg 768w\" sizes=\"(max-width: 704px) 100vw, 704px\" \/><figcaption>User Management supported options<\/figcaption><\/figure><\/div>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit3.jpg\" alt=\"\" class=\"wp-image-1066 no-lazyload\" width=\"710\" height=\"142\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit3.jpg 946w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit3-300x60.jpg 300w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit3-768x153.jpg 768w\" sizes=\"(max-width: 710px) 100vw, 710px\" \/><figcaption>Groups management supported options<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Working with Azure AD Administrative Units<\/h3>\n\n\n\n<p>Azure Administrative units can be created in the Azure Portal,  with PowerShell, or Microsoft Graph. For Cloud Shell,  you will need active Azure Subscription.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>New-AzureADMSAdministrativeUnit -Description \"IT admin group North\" -DisplayName \"North Region Admins\"\n\nNew-AzureADMSAdministrativeUnit -Description \"IT admin group South\" -DisplayName \"South Region Admins\"\n<\/code><\/pre>\n\n\n\n<p>These commands will create two Administrative Units \u2013 <strong>IT Admin group North<\/strong> and <strong>IT Admin group North South<\/strong> (as shown on the picture below).<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit4.jpg\" alt=\"\" class=\"wp-image-1067 no-lazyload\" width=\"941\" height=\"257\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit4.jpg 941w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit4-300x82.jpg 300w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit4-768x210.jpg 768w\" sizes=\"(max-width: 941px) 100vw, 941px\" \/><figcaption>Creating Administrative Unit with PowerShell<\/figcaption><\/figure><\/div>\n\n\n\n<p>Now you can add users and\/or groups, as part of the administrative unit, and then assign administrative roles. There is possibility to download CSV file and perform bulk operations.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit5-1024x312.jpg\" alt=\"\" class=\"wp-image-1068 no-lazyload\" width=\"1024\" height=\"312\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit5-1024x312.jpg 1024w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit5-300x91.jpg 300w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit5-768x234.jpg 768w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit5.jpg 1185w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Managing Administrative Units trough Azure portal<\/figcaption><\/figure><\/div>\n\n\n\n<p>Out of the group properties, you can change the name and description. Object ID is unique and assigned at the time of creation.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit6.jpg\" alt=\"\" class=\"wp-image-1069 no-lazyload\" width=\"444\" height=\"270\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit6.jpg 592w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit6-300x182.jpg 300w\" sizes=\"(max-width: 444px) 100vw, 444px\" \/><figcaption>Administrative Unit Properties<\/figcaption><\/figure><\/div>\n\n\n\n<p>Once you assign the users and\/or groups, as part of the Administrative Unit, you can assign roles to specific objects.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit7-1024x312.jpg\" alt=\"\" class=\"wp-image-1070 no-lazyload\" width=\"1024\" height=\"312\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit7-1024x312.jpg 1024w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit7-300x91.jpg 300w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit7-768x234.jpg 768w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit7.jpg 1517w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Available Role assignments for Administrative Units<\/figcaption><\/figure><\/div>\n\n\n\n<p>Role assignment functions same as <strong>Privileged<\/strong> <strong>Identity<\/strong> <strong>Management<\/strong> process. Based on selected <strong>Role<\/strong>, the user or group we <strong>Add<\/strong> <strong>assignments. <\/strong>In short, the scope is fixed to the Administrative unit selected (<strong>North Region Admins)<\/strong>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit8.jpg\" alt=\"\" class=\"wp-image-1071 no-lazyload\" width=\"403\" height=\"520\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit8.jpg 537w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit8-232x300.jpg 232w\" sizes=\"(max-width: 403px) 100vw, 403px\" \/><figcaption>Membership setting in Administrative Unit &#8220;North Region Admins&#8221;<\/figcaption><\/figure><\/div>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><strong>More info: <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/privileged-identity-management\/pim-how-to-add-role-to-user?tabs=new#assign-a-role-with-restricted-scope?WT.mc_id=ES-MVP-5002880\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Active Directory Privileged Identity Management<\/a><\/strong><\/p><\/blockquote>\n\n\n\n<p>Security principals, that can be assigned to a role within an administrative unit scope, are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Users<\/li><li>Role-assignable cloud groups (preview)<\/li><li>Service Principal Name (SPN)<\/li><\/ul>\n\n\n\n<p>Adding a group, does not mean that its members will be assigned a role automatically. Security groups themselves can be members of resource scopes. This brings those groups within the management scope of the user administrators for that Administrative Unit.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit9-1024x195.jpg\" alt=\"\" class=\"wp-image-1072 no-lazyload\" width=\"1024\" height=\"195\" srcset=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit9-1024x195.jpg 1024w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit9-300x57.jpg 300w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit9-768x146.jpg 768w, https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/adminunit9.jpg 1506w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Assigning groups that can be managed by the assigned administrators<\/figcaption><\/figure><\/div>\n\n\n\n<p>The Administrative units will work only for Azure AD objects, not B2C organizations.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Some features like <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/enterprise-users\/groups-members-owners-search?WT.mc_id=ES-MVP-5002880\">Search groups and members<\/a>, for which you can opt-in. More information can be found on the link.<\/p><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>This feature is definite win, in improving the security and administrative operations within a Azure AD tenant, combined with Microsoft 365 services<\/p>\n\n\n\n<p>It helps distributed organizations assign appropriate roles to group of resources (users or groups), bound within specific administrative roles.<\/p>\n\n\n\n<p>For additional information, visit the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/roles\/administrative-units?WT.mc_id=ES-MVP-5002880\">Microsoft Doc<\/a> page.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\">Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD) admin roles. One of the ways how you can delegate administrative roles <a class=\"mh-excerpt-more\" href=\"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/\" title=\"Overview of Azure AD Administrative Units\">[&#8230;]<\/a><\/div>\n","protected":false},"author":2,"featured_media":1082,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,63],"tags":[101,100,99,105,102,103,104,15],"coauthors":[],"class_list":{"0":"post-1062","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-azure","8":"category-cloud","9":"tag-administrative-units","10":"tag-azure-active-directory","11":"tag-azure-ad","12":"tag-microsoft-365","13":"tag-microsoft-azure","14":"tag-secops","15":"tag-secuirty-operations","16":"tag-security"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\r\n<title>Overview of Azure AD Administrative Units - ITuziast<\/title>\r\n<meta name=\"description\" content=\"Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD)\" \/>\r\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\r\n<link rel=\"canonical\" href=\"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/\" \/>\r\n<meta property=\"og:locale\" content=\"en_US\" \/>\r\n<meta property=\"og:type\" content=\"article\" \/>\r\n<meta property=\"og:title\" content=\"Overview of Azure AD Administrative Units - ITuziast\" \/>\r\n<meta property=\"og:description\" content=\"Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD)\" \/>\r\n<meta property=\"og:url\" content=\"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/\" \/>\r\n<meta property=\"og:site_name\" content=\"ITuziast\" \/>\r\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ITuziast\" \/>\r\n<meta property=\"article:author\" content=\"https:\/\/bsky.app\/profile\/grozdanovd.bsky.social\" \/>\r\n<meta property=\"article:published_time\" content=\"2021-01-04T08:00:00+00:00\" \/>\r\n<meta property=\"article:modified_time\" content=\"2021-09-15T08:33:52+00:00\" \/>\r\n<meta property=\"og:image\" content=\"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/cyber-security-digital-data-protection-concept_31965-4040.jpg\" \/>\r\n\t<meta property=\"og:image:width\" content=\"626\" \/>\r\n\t<meta property=\"og:image:height\" content=\"300\" \/>\r\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\r\n<meta name=\"author\" content=\"Dimitar Grozdanov\" \/>\r\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\r\n<meta name=\"twitter:creator\" content=\"@grozdanovd\" \/>\r\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dimitar Grozdanov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\r\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/\"},\"author\":{\"name\":\"Dimitar Grozdanov\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#\\\/schema\\\/person\\\/8596bb127b83987935c0355c8ed6130c\"},\"headline\":\"Overview of Azure AD Administrative Units\",\"datePublished\":\"2021-01-04T08:00:00+00:00\",\"dateModified\":\"2021-09-15T08:33:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/\"},\"wordCount\":888,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.ituziast.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/cyber-security-digital-data-protection-concept_31965-4040.jpg\",\"keywords\":[\"Administrative Units\",\"Azure Active Directory\",\"Azure AD\",\"Microsoft 365\",\"Microsoft Azure\",\"SecOps\",\"Secuirty Operations\",\"Security\"],\"articleSection\":[\"Azure\",\"Cloud\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/\",\"url\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/\",\"name\":\"Overview of Azure AD Administrative Units - ITuziast\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.ituziast.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/cyber-security-digital-data-protection-concept_31965-4040.jpg\",\"datePublished\":\"2021-01-04T08:00:00+00:00\",\"dateModified\":\"2021-09-15T08:33:52+00:00\",\"description\":\"Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD)\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.ituziast.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/cyber-security-digital-data-protection-concept_31965-4040.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ituziast.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/cyber-security-digital-data-protection-concept_31965-4040.jpg\",\"width\":626,\"height\":300,\"caption\":\"Cyber security digital data protection\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/2021\\\/01\\\/04\\\/overview-of-azure-ad-administrative-units\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.ituziast.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Overview of Azure AD Administrative Units\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#website\",\"url\":\"https:\\\/\\\/www.ituziast.com\\\/\",\"name\":\"ITuziast\",\"description\":\"Bits and Bytes of Technology\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.ituziast.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#organization\",\"name\":\"ITuziast\",\"url\":\"https:\\\/\\\/www.ituziast.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.ituziast.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/ituziast-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.ituziast.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/ituziast-logo.png\",\"width\":512,\"height\":512,\"caption\":\"ITuziast\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ITuziast\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.ituziast.com\\\/#\\\/schema\\\/person\\\/8596bb127b83987935c0355c8ed6130c\",\"name\":\"Dimitar Grozdanov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/970f950d69334bef706f381f8022be295b3e85d8d3214f8b5cd6fcc0e7cad338?s=96&d=mm&r=gb1156e7caf65275f1df79df9ad892041\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/970f950d69334bef706f381f8022be295b3e85d8d3214f8b5cd6fcc0e7cad338?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/970f950d69334bef706f381f8022be295b3e85d8d3214f8b5cd6fcc0e7cad338?s=96&d=mm&r=g\",\"caption\":\"Dimitar Grozdanov\"},\"description\":\"Engineer. 25+ years \u201cin the field\u201d. Cloud Solution Architect. Microsoft 365 MVP. Trainer. Co-founder\\\/Supporter of Tech Communities. Speaker. Blogger. Parent. Passionate about craft beer and hanging out with family and friends.\",\"sameAs\":[\"https:\\\/\\\/mvp.microsoft.com\\\/en-us\\\/PublicProfile\\\/5002880?fullName=Dimitar%20Grozdanov\",\"https:\\\/\\\/bsky.app\\\/profile\\\/grozdanovd.bsky.social\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/dimitar-grozdanov\\\/\",\"https:\\\/\\\/x.com\\\/grozdanovd\",\"https:\\\/\\\/www.youtube.com\\\/@dimitargrozdanov\"],\"url\":\"https:\\\/\\\/www.ituziast.com\\\/index.php\\\/author\\\/grozdanovd\\\/\"}]}<\/script>\r\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Overview of Azure AD Administrative Units - ITuziast","description":"Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/","og_locale":"en_US","og_type":"article","og_title":"Overview of Azure AD Administrative Units - ITuziast","og_description":"Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD)","og_url":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/","og_site_name":"ITuziast","article_publisher":"https:\/\/www.facebook.com\/ITuziast","article_author":"https:\/\/bsky.app\/profile\/grozdanovd.bsky.social","article_published_time":"2021-01-04T08:00:00+00:00","article_modified_time":"2021-09-15T08:33:52+00:00","og_image":[{"width":626,"height":300,"url":"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/cyber-security-digital-data-protection-concept_31965-4040.jpg","type":"image\/jpeg"}],"author":"Dimitar Grozdanov","twitter_card":"summary_large_image","twitter_creator":"@grozdanovd","twitter_misc":{"Written by":"Dimitar Grozdanov","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#article","isPartOf":{"@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/"},"author":{"name":"Dimitar Grozdanov","@id":"https:\/\/www.ituziast.com\/#\/schema\/person\/8596bb127b83987935c0355c8ed6130c"},"headline":"Overview of Azure AD Administrative Units","datePublished":"2021-01-04T08:00:00+00:00","dateModified":"2021-09-15T08:33:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/"},"wordCount":888,"commentCount":0,"publisher":{"@id":"https:\/\/www.ituziast.com\/#organization"},"image":{"@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/cyber-security-digital-data-protection-concept_31965-4040.jpg","keywords":["Administrative Units","Azure Active Directory","Azure AD","Microsoft 365","Microsoft Azure","SecOps","Secuirty Operations","Security"],"articleSection":["Azure","Cloud"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/","url":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/","name":"Overview of Azure AD Administrative Units - ITuziast","isPartOf":{"@id":"https:\/\/www.ituziast.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#primaryimage"},"image":{"@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/cyber-security-digital-data-protection-concept_31965-4040.jpg","datePublished":"2021-01-04T08:00:00+00:00","dateModified":"2021-09-15T08:33:52+00:00","description":"Any organizational growth implies complexity. One common approach is to reduce some of the workload of access management with Azure Active Directory (AD)","breadcrumb":{"@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#primaryimage","url":"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/cyber-security-digital-data-protection-concept_31965-4040.jpg","contentUrl":"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/12\/cyber-security-digital-data-protection-concept_31965-4040.jpg","width":626,"height":300,"caption":"Cyber security digital data protection"},{"@type":"BreadcrumbList","@id":"https:\/\/www.ituziast.com\/index.php\/2021\/01\/04\/overview-of-azure-ad-administrative-units\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ituziast.com\/"},{"@type":"ListItem","position":2,"name":"Overview of Azure AD Administrative Units"}]},{"@type":"WebSite","@id":"https:\/\/www.ituziast.com\/#website","url":"https:\/\/www.ituziast.com\/","name":"ITuziast","description":"Bits and Bytes of Technology","publisher":{"@id":"https:\/\/www.ituziast.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ituziast.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.ituziast.com\/#organization","name":"ITuziast","url":"https:\/\/www.ituziast.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ituziast.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/09\/ituziast-logo.png","contentUrl":"https:\/\/www.ituziast.com\/wp-content\/uploads\/2020\/09\/ituziast-logo.png","width":512,"height":512,"caption":"ITuziast"},"image":{"@id":"https:\/\/www.ituziast.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ITuziast"]},{"@type":"Person","@id":"https:\/\/www.ituziast.com\/#\/schema\/person\/8596bb127b83987935c0355c8ed6130c","name":"Dimitar Grozdanov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/970f950d69334bef706f381f8022be295b3e85d8d3214f8b5cd6fcc0e7cad338?s=96&d=mm&r=gb1156e7caf65275f1df79df9ad892041","url":"https:\/\/secure.gravatar.com\/avatar\/970f950d69334bef706f381f8022be295b3e85d8d3214f8b5cd6fcc0e7cad338?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/970f950d69334bef706f381f8022be295b3e85d8d3214f8b5cd6fcc0e7cad338?s=96&d=mm&r=g","caption":"Dimitar Grozdanov"},"description":"Engineer. 25+ years \u201cin the field\u201d. Cloud Solution Architect. Microsoft 365 MVP. Trainer. Co-founder\/Supporter of Tech Communities. Speaker. Blogger. Parent. Passionate about craft beer and hanging out with family and friends.","sameAs":["https:\/\/mvp.microsoft.com\/en-us\/PublicProfile\/5002880?fullName=Dimitar%20Grozdanov","https:\/\/bsky.app\/profile\/grozdanovd.bsky.social","https:\/\/www.linkedin.com\/in\/dimitar-grozdanov\/","https:\/\/x.com\/grozdanovd","https:\/\/www.youtube.com\/@dimitargrozdanov"],"url":"https:\/\/www.ituziast.com\/index.php\/author\/grozdanovd\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/posts\/1062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/comments?post=1062"}],"version-history":[{"count":21,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/posts\/1062\/revisions"}],"predecessor-version":[{"id":1271,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/posts\/1062\/revisions\/1271"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/media\/1082"}],"wp:attachment":[{"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/media?parent=1062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/categories?post=1062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/tags?post=1062"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.ituziast.com\/index.php\/wp-json\/wp\/v2\/coauthors?post=1062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}