Microsoft Rolls Out Dynamic Administrative Units Support for Azure AD
Microsoft has announced the public preview of dynamic administrative units with Azure Active Directory (Azure AD). The new feature lets organizations configure rules for adding or deleting users and devices in administrative units (AUs).
Azure AD administrative units launched in public preview back in 2020. The feature lets enterprise admins logically divide Azure AD into multiple administrative units. Specifically, an administrative unit is a container that can be used to delegate administrative permissions to a subset of users.
Previously, IT Admins were able to manage the membership of administrative units in their organization manually. The new dynamic administrative units feature now enables IT Admins to specify a rule to automatically perform the addition or deletion of users and devices. However, this capability is currently not available for groups.
The firm also adds that all members of dynamic administrative units are required to have Azure AD Premium P1 licenses. This means that if a company has 1,000 end-users across all dynamic administrative units, it would need to purchase at least 1,000 Azure AD Premium P1 licenses.
“Using administrative units requires an Azure AD Premium P1 license for each administrative unit administrator, and an Azure AD Free license for each administrative unit member. If you are using dynamic membership rules for administrative units, each administrative unit member requires an Azure AD Premium P1 license,” Microsoft noted on a support page.
How to create dynamic membership rules in Azure AD
According to Microsoft, IT Admins can create rules for dynamic administrative units via Azure portal by following these steps:
- Select an administrative unit and click on the Properties tab.
- Set the Membership Type to Dynamic User or Dynamic Device and click the Add dynamic query option.
- Now, use the rule builder to create the dynamic membership rule and click the Save button.
- Finally, click the Save button on the Properties page to save the membership changes to the administrative unit.
Currently, the dynamic administrative units feature only supports one object type (either users or devices) in the same dynamic administrative unit. Microsoft adds that support for both users and devices is coming in future releases. You can head to the support documentation to learn more about dynamic administrative units.
More in Azure Active Directory
IT Admins Get New Azure AD Temporary Access Pass Feature to Create Time-Limited Passcodes
Jun 28, 2022 | Rabia Noureen
Microsoft Entra Verified ID Now Lets Users Recover Lost Credentials
Jun 23, 2022 | Rabia Noureen
IT Admins Get New Features for Managing Microsoft 365 App Updates
Jun 21, 2022 | Rabia Noureen
Microsoft's Out-Of-Band Patch Fixes Microsoft 365 and Azure AD Sign-In Issues on ARM Devices
Jun 21, 2022 | Rabia Noureen
Microsoft is Investigating Sign-In Issues Affecting Microsoft 365 and Azure AD on ARM Devices
Jun 20, 2022 | Rabia Noureen
Why You Should Restrict Access to Office 365 Using Microsoft Conditional Access Policies
Jun 15, 2022 | Liam Cleary
Most popular on petri