![Lead Image © lassedesignen, 123RF.com](/var/ezflow_site/storage/images/archive/2023/73/delegate-and-restrict-authorizations-in-azure-ad/lassedesignen_123rf-muscle_man.png/201781-1-eng-US/lassedesignen_123rf-Muscle_Man.png_medium.png)
Delegate and restrict authorizations in Azure AD
Temporary Admin
In the Microsoft world, and especially with Azure and Microsoft 365, Azure Active Directory (AD) is an important component for authenticating users. By synchronizing with Active Directory, organizations can also synchronize on-premises credentials to the cloud, enabling single sign-on (SSO) scenarios.
As with Active Directory, you need to keep accounts in Azure AD organized and delegate the management of various tasks. Organizational units (OUs) are used for this purpose in Active Directory; Azure AD has something similar to OUs called administrative units (AUs). In this article I'll show you how to work with AUs for a better way to delegate cloud directory authorizations. Although in general the AUs in Azure AD correspond to the OUs in Active Directory, the two differ significantly. In contrast to Active Directory, the authorization structures in Azure AD are very flat, and restricting them is a complex process. Administrative units and role-based authorizations can be the solution.
Security with Roles in Azure AD
Administrative units are intended to help improve the structure in Azure AD in much the same way that OUs do in Active Directory. Administrative units are available on the Azure portal under Azure Active Directory. They can also be configured in the Azure Active Directory admin center by selecting Azure Active Directory | Administrative units (Figure 1).