Microsoft Entra ID Administrative Units

What are Microsoft Entra ID Administrative Units?

Microsoft Entra ID Administrative Units (AUs) are containers within Entra ID (formerly Azure Active Directory) used to logically segment users, groups, and devices for delegated administration. Think of them as sub-divisions within your Microsoft 365 tenant that help isolate access to administrative tasks. For example, you could assign helpdesk admins in Germany the rights to manage only users in the German office without giving them global permissions.


Why Use Microsoft Entra ID Administrative Units?

Administrative Units are ideal for role-based access control (RBAC) and decentralized IT management. They help organizations enforce boundaries while scaling administration across departments, schools, regions, or teams. AUs reduce risk by minimizing over-permissioned roles and supporting more precise delegation of administrative tasks.


Are Microsoft Entra ID Administrative Units Free?

Administrative Units are available in all Microsoft 365 tenants, but advanced functionality—such as assigning administrative roles scoped to an AU—requires Microsoft Entra ID P1 or P2 licenses (formerly Azure AD Premium P1/P2). Basic creation and viewing are supported in free editions, but effective delegation needs a paid plan.


Key Features of Microsoft Entra ID Administrative Units

  • Scoped Administration: Delegate roles like User Administrator to only users within specific AUs.
  • Flexible Grouping: Group users and devices logically without modifying directory structure.
  • Role-Based Access: Limit control to helpdesk, HR, or departmental admins.
  • Graph API Integration: Manage AUs programmatically using Microsoft Graph PowerShell or REST API.
  • Policy Assignment Support: Apply conditional access policies and role assignments per AU.

How to Access Microsoft Entra ID Administrative Units in Office 365?

You can access and manage Administrative Units through several methods:

  • Microsoft 365 Admin Center: Limited visibility; not the primary interface for AUs.
  • Microsoft Entra ID Admin Center: Go to entra.microsoft.com → Identity → Administrative Units to view, create, and manage AUs.
  • Graph PowerShell: Use commands like Get-MgAdministrativeUnit, New-MgAdministrativeUnit, or Add-MgAdministrativeUnitMember for automation and bulk operations.
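The delegation scenario from the introduction (a German helpdesk that can manage only German-office users), as an added example that is not code from the original page. It assumes the Microsoft.Graph PowerShell SDK v2 cmdlet names, that German-office users carry usageLocation DE, and a constructed admin UPN and AU name; the last step checks that the admin holds no tenant-wide role that would bypass the AU boundary.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell SDK (v2 cmdlet names)
# and an account allowed to manage AUs and directory role assignments.
Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All',
                        'RoleManagement.ReadWrite.Directory',
                        'User.Read.All'

# Constructed sample values: replace with your own.
$auName   = 'Germany Office'
$adminUpn = 'helpdesk.de@contoso.example'
$roleName = 'Helpdesk Administrator'

# 1. Create the AU. It is only a container; members stay where they are in the directory.
$au = New-MgDirectoryAdministrativeUnit -DisplayName $auName `
        -Description 'Users managed by the German helpdesk'

# 2. Add members. Assumption: German-office users have usageLocation DE.
$users = Get-MgUser -Filter "usageLocation eq 'DE'" -All
foreach ($u in $users) {
    $ref = @{ '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($u.Id)" }
    New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id -BodyParameter $ref
}

# 3. Assign the role with the AU as its scope (requires Entra ID P1/P2).
$admin = Get-MgUser -UserId $adminUpn
$role  = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
$scope = "/administrativeUnits/$($au.Id)"
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $admin.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId $scope | Out-Null

# 4. Verify the result. Scope '/' means tenant-wide; any such assignment
#    gives the admin rights outside the AU and defeats the delegation.
#    Only direct assignments are listed; roles held through a group are not.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment `
                 -Filter "principalId eq '$($admin.Id)'" -All
$assignments | Select-Object RoleDefinitionId, DirectoryScopeId | Format-Table

$tenantWide = @($assignments | Where-Object { $_.DirectoryScopeId -eq '/' })
if ($tenantWide.Count -gt 0) {
    Write-Warning "$adminUpn holds $($tenantWide.Count) tenant-wide role assignment(s); AU scoping does not restrict those."
}
```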

Summary

Key Point: Details
Product Name: Microsoft 365
Purpose: Scoped delegation and access control within Microsoft Entra ID
Included In: Business Basic/Standard, Office 365 E1/E3/E5, Education (A1/A3/A5)
Free to Use?: Basic view is free; full delegation features require Entra ID P1/P2
Access Method: entra.microsoft.com, Graph PowerShell, Microsoft 365 Admin Center
Integrates With: Microsoft Graph, Teams, Outlook, Power Automate, SharePoint, Intune

