Managing administrative units
Administrative units are collections of users and devices that can be delegated to certain administrators. In on-premises AD, you can choose to delegate control of administrative functions, using the delegation of Control Wizard in Active Directory Users and Computers or the Active Directory Administrative Center. Unlike on-premises AD, Azure AD is not hierarchical. The delegation must be achieved by defining boundaries and then controlling which users or devices are placed inside the boundaries.
Administrative units can be role-scoped – that is, administrators can both be granted administrative roles (such as Helpdesk Administrator) and be limited to administrative tasks only for assigned administrative units.
Creating administrative units
In the following example, we’ll create an administrative unit called California that will be used to hold users in that region. During creation, we’ll configure administrators to be able...
