Select Page

AZ-104: 1.1.2 – Create Azure AD Administrative Units

Written By Craig Wall

Craig Wall

Craig Wall

I’m a public sector IT Administrator, specializing in configuration management and mobility. 

About Administrative Units


Administrative units allow for certain staff to be delegated administrative roles — admin rights in a limited capacity — to a limited set of users or groups. 

If you’re familiar with Organizational Units (OUs) in on-prem Active Directory, it’s much the same thing as assigning OU Administrators.

Users and groups get assigned to an Administrative Unit, and certain staff can be given limited admin rights to that Unit. 


Add an Administrative Group In the Azure Portal

Portal -> Azure Active Directory -> Administrative Units

Click Add. Give it a name. 

Under the Assign Roles tab are listed the supported administrative roles. The available roles are explained here

Click one of the roles, and you can assign a user to that admin role. 

After it’s created, go back into the Administrative Unit to assign users and groups to it to manage.




Submit a Comment

Your email address will not be published. Required fields are marked *