Microsoft Rolls Out Dynamic Administrative Units Support for Azure AD
Microsoft has announced the public preview of dynamic administrative units with Azure Active Directory (Azure AD). The new feature lets organizations configure rules for adding or deleting users and devices in administrative units (AUs).
Azure AD administrative units launched in public preview back in 2020. The feature lets enterprise admins logically divide Azure AD into multiple administrative units. Specifically, an administrative unit is a container that can be used to delegate administrative permissions to a subset of users.
Previously, IT Admins were able to manage the membership of administrative units in their organization manually. The new dynamic administrative units feature now enables IT Admins to specify a rule to automatically perform the addition or deletion of users and devices. However, this capability is currently not available for groups.
The firm also adds that all members of dynamic administrative units are required to have Azure AD Premium P1 licenses. This means that if a company has 1,000 end-users across all dynamic administrative units, it would need to purchase at least 1,000 Azure AD Premium P1 licenses.
“Using administrative units requires an Azure AD Premium P1 license for each administrative unit administrator, and an Azure AD Free license for each administrative unit member. If you are using dynamic membership rules for administrative units, each administrative unit member requires an Azure AD Premium P1 license,” Microsoft noted on a support page.
How to create dynamic membership rules in Azure AD
According to Microsoft, IT Admins can create rules for dynamic administrative units via Azure portal by following these steps:
- Select an administrative unit and click on the Properties tab.
- Set the Membership Type to Dynamic User or Dynamic Device and click the Add dynamic query option.
- Now, use the rule builder to create the dynamic membership rule and click the Save button.
- Finally, click the Save button on the Properties page to save the membership changes to the administrative unit.
Currently, the dynamic administrative units feature only supports one object type (either users or devices) in the same dynamic administrative unit. Microsoft adds that support for both users and devices is coming in future releases. You can head to the support documentation to learn more about dynamic administrative units.
More in Azure Active Directory
Microsoft to Add IPv6 Support to Azure Active Directory in March
Jan 12, 2023 | Rabia Noureen
How to Create Conditional Access Policies using PowerShell
Jan 4, 2023 | Liam Cleary
Microsoft Releases Azure AD Authentication Support for Windows Admin Center in Azure
Dec 1, 2022 | Rabia Noureen
Microsoft Releases Azure AD Certificate-Based Authentication Support on iOS and Android
Nov 2, 2022 | Rabia Noureen
Azure AD Conditional Access Policies Get Support for App Filters
Nov 1, 2022 | Rabia Noureen
Budget for Operational Resilience in 2023
Oct 20, 2022 | Russell Smith
Most popular on petri