Delegate and restrict authorizations in Azure AD

Temporary Admin

Role Requests by Admins

Once the customizations are in place, you can request access to a role by clicking Activate in the Azure AD portal when managing PIM. There you can also see the roles for which you are authorized and enable access. When doing so, admins must enter a reason. Once access is requested, the approving user receives an email asking them to approve access. Alternatively, access can be approved directly in the Azure portal when managing Azure AD roles. Once access is approved, the admin receives an email stating that the request has been approved. (All operations are traceable in Azure and the monitoring system.) After that, the admin is a member of that role, which in turn can be a member of an administrative unit.
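Because every step of an activation is traceable, the request, approval, and activation records can be reviewed together. The following Python code is an added example, not from the article or from Microsoft: it groups constructed events by request and flags weak reasons, activations with no approval record, and self-approval. The flat field names, the 10-character reason threshold, and the assumption that the role requires approval are all hypothetical.

```python
from collections import defaultdict

# Constructed sample events. The flat field names are a simplified, hypothetical
# schema, not the real Azure AD audit log format.
EVENTS = [
    {"id": "r1", "activity": "requested", "actor": "alice@contoso.example", "role": "User Administrator", "reason": "Ticket 4711: reset passwords for AU Berlin"},
    {"id": "r1", "activity": "approved", "actor": "carol@contoso.example"},
    {"id": "r1", "activity": "activated", "actor": "alice@contoso.example"},
    {"id": "r2", "activity": "requested", "actor": "bob@contoso.example", "role": "Groups Administrator", "reason": "test"},
    {"id": "r2", "activity": "approved", "actor": "bob@contoso.example"},
    {"id": "r2", "activity": "activated", "actor": "bob@contoso.example"},
    {"id": "r3", "activity": "requested", "actor": "dave@contoso.example", "role": "User Administrator", "reason": "Onboarding new hires, change 8812"},
    {"id": "r3", "activity": "activated", "actor": "dave@contoso.example"},
]

MIN_REASON_LEN = 10  # assumed local policy threshold, not a PIM setting


def review_activations(events, min_reason_len=MIN_REASON_LEN):
    """Group events by request id and return {request_id: [findings]}."""
    by_request = defaultdict(dict)
    for ev in events:
        by_request[ev["id"]][ev["activity"]] = ev

    findings = {}
    for req_id, steps in by_request.items():
        issues = []
        request = steps.get("requested")
        approval = steps.get("approved")
        if request is None:
            issues.append("no request record")
        elif len(request.get("reason", "").strip()) < min_reason_len:
            issues.append("weak justification")
        if "activated" in steps and approval is None:
            issues.append("activated without approval record")
        if request and approval and request["actor"].lower() == approval["actor"].lower():
            issues.append("requester approved own request")
        if issues:
            findings[req_id] = issues
    return findings


if __name__ == "__main__":
    for req_id, issues in review_activations(EVENTS).items():
        print(req_id, "->", ", ".join(issues))
```

To use this on real data, map exported audit records onto these fields first; roles configured without an approval requirement need to be excluded from the approval check.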


Administrative units enable structured delegation of authorizations in Azure AD. In the current version, it is also possible to manage devices or make memberships dynamic. Together with role-based entitlement management and privileged identity management, administrative units can be used to create effective structures for managing authorizations in Azure AD.

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for more than 20 years. In addition, he writes hands-on books and papers on Windows and other Microsoft topics. Online you can meet him on
