To delegate tasks, we use the creation of administrative units (AUs) and assign roles for specific tasks. In this configuration, we generate an HR [AU] , and we assign the manager of the HR department with the role to manage user accounts in this scope.
Assign roles to administrative units
Creating an administrative unit
First of all, we need to connect to our Azure AD with the PowerShell cmdlet Connect-AzureAD for the admin@domain.onmicrosoft.com user.
Use the following cmdlets to create the HR [AU]:
New-AzureADAdministrativeUnit -Description "Human Resources Users" -DisplayName "HR"
View the expected output:
Newly created administrative unit
Next, we will add the related users.
...