Managing Admin Units in Microsoft Office 365 Flashcards
What are administrative units in Azure Active Directory?
Administrative units are like mini-instances of an active directory with limited admin permissions, allowing for delegated administrative tasks within specific groups of resources.
Why are administrative units set up in large organizations?
Administrative units are set up in large organizations to delegate administrative tasks to individuals closer to specific resources, such as satellite offices or company departments, while maintaining the principle of least privileged access.
What can an administrative unit administrator do?
An administrative unit administrator can manage properties of groups within the unit, including name and membership, but cannot manage group members’ properties unless they are added individually to the unit. They cannot create new users or change authentication methods or passwords for group members within the unit.
Can a unit admin see users and resources outside their unit scope?
In the Microsoft 365 admin centre, a unit admin cannot see users outside their unit scope but can view and act upon users and resources outside their unit scope through the Azure portal.
How can administrative units and their resources be managed?
Administrative units and their resources can be managed through the Microsoft 365 admin centre, Azure portal, Microsoft Graph, and PowerShell.
What subscription is required to implement administrative units?
An Azure Active Directory Premium P1 subscription is required to implement administrative units.
What can be placed into administrative units?
Resources such as users, user groups, and devices can be placed into administrative units.
Can users be created within an administrative unit?
No, users must already exist in Azure AD before being added to an administrative unit.
How can administrative units be managed?
Administrative units can be managed through the Azure portal, Microsoft 365 admin centre, PowerShell, and Microsoft Graph.
What is the maximum number of members that can be added to an admin unit through the Microsoft 365 admin centre?
Up to 20 members can be added manually or 200 members can be added via an uploaded text file through the Microsoft 365 admin centre.
What role is the most powerful within an administrative unit?
The user administrator role is the most powerful role within an administrative unit.