About Administrative Units

Administrative units allow for certain staff to be delegated administrative roles — admin rights in a limited capacity — to a limited set of users or groups. 

If you’re familiar with Organizational Units (OUs) in on-prem Active Directory, it’s much the same thing as assigning OU Administrators.

Users and groups get assigned to an Administrative Unit, and certain staff can be given limited admin rights to that Unit. 

Add an Administrative Group In the Azure Portal

Portal -> Azure Active Directory -> Administrative Units

Click Add. Give it a name. 

Under the Assign Roles tab are listed the supported administrative roles. The available roles are explained here. 

Click one of the roles, and you can assign a user to that admin role. 

After it’s created, go back into the Administrative Unit to assign users and groups to it to manage.