Microsoft Entra ID Adds Restricted Management Administrative Units in Preview

Microsoft has introduced restricted management administrative units support in public preview for Microsoft Entra ID. The new role-based access control (RBAC) feature lets organizations allow only select IT admins, security teams, or devices to access specific resources.

“Restricted management administrative units allow you to protect specific objects in your tenant from modification by anyone other than a specific set of administrators that you designate. This allows you to meet security or compliance requirements without having to remove tenant-level role assignments from your administrators,” Microsoft explained.

Why should organizations use restricted management administrative units?

According to Microsoft, restricted management administrative units help administrators manage access in their Microsoft Entra ID tenants. For instance, the security feature protects highly privileged accounts in enterprise environments (such as those of senior executives).

Furthermore, organizations can ensure country-level administration of specific security groups and user accounts. Restricted management administrative units can also prevent unauthorized people from updating the membership of security groups used to secure sensitive information.

Licensing requirements and limitations

Microsoft also detailed some limitations for restricted management administrative units. The company says that IT admins won’t be able to apply the restricted management setting after creating an administrative unit. Moreover, it’s impossible to change the membership once role-assignable groups are added to restricted management administrative units.
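One way to check a planned layout against these two limitations before creating anything, as an added example (not code from Microsoft or from this article). The field names `isMemberManagementRestricted` and `isAssignableToRole` follow the Microsoft Graph administrative unit and group resources; the `members` list, the `preflight` function and all sample data are constructed for illustration.

```python
# Added example: pre-flight check of planned administrative units against the
# two limitations described above. Sample data below is constructed.

def preflight(planned_units, existing_units, groups):
    """Return (severity, message) findings for a planned layout.

    planned_units / existing_units: dicts shaped like Graph administrativeUnit
    objects; 'members' is a hypothetical list of object ids for this example.
    groups: group id -> dict shaped like a Graph group object.
    """
    findings = []
    existing = {u["displayName"]: u for u in existing_units}
    for unit in planned_units:
        name = unit["displayName"]
        wants_restricted = bool(unit.get("isMemberManagementRestricted"))
        current = existing.get(name)
        # Limitation 1: the setting cannot be applied after the unit is created.
        if (current is not None and wants_restricted
                and not current.get("isMemberManagementRestricted")):
            findings.append(("error",
                f"{name}: exists as unrestricted; a new unit must be created"))
        if not wants_restricted:
            continue
        # Limitation 2: membership cannot be changed once a role-assignable
        # group is added, so settle its membership before adding it.
        for member_id in unit.get("members", []):
            group = groups.get(member_id)
            if group and group.get("isAssignableToRole"):
                findings.append(("warning",
                    f"{name}: role-assignable group '{group['displayName']}' "
                    "membership cannot be changed once added"))
    return findings

# Constructed sample input.
SAMPLE_PLANNED = [
    {"displayName": "Executives", "isMemberManagementRestricted": True,
     "members": ["g1", "u1"]},
    {"displayName": "Finance-DE", "isMemberManagementRestricted": True,
     "members": ["g2"]},
]
SAMPLE_EXISTING = [
    {"displayName": "Finance-DE", "isMemberManagementRestricted": False},
]
SAMPLE_GROUPS = {
    "g1": {"displayName": "Exec Admins", "isAssignableToRole": True},
    "g2": {"displayName": "Finance Readers", "isAssignableToRole": False},
}

if __name__ == "__main__":
    for severity, message in preflight(SAMPLE_PLANNED, SAMPLE_EXISTING, SAMPLE_GROUPS):
        print(f"[{severity}] {message}")
```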

Microsoft notes that organizations should have an Azure AD Premium P1 license to manage each administrative unit. The feature also requires administrative unit members to have Azure AD Free licenses. You can learn more about how to use restricted management administrative units on the Microsoft Entra (Azure AD) Blog.

Earlier this week, Microsoft announced that it’s rebranding Azure Active Directory (Azure AD) to Entra ID. The company has also announced two new products called Microsoft Entra Private Access and Microsoft Entra Internet Access.