Loading...

Azure AD RBAC: Dynamic administrative units now in public preview for users & devices

Azure AD RBAC: Dynamic administrative units now in public preview for users & devices

Howdy folks,

 

As part of our series of announcements for Azure Active Directory (Azure AD) role-based access control (RBAC), I’m excited to share the public preview of dynamic administrative units.

 

With dynamic administrative units, you no longer have to manually manage membership of your administrative units (or write your own automation to manage it for you). Instead, Azure AD allows you to specify a query based on user or device attributes, and then maintains the membership for you.

 

Let's take a look at some of the cool things you can do with these new capabilities:

 

 

 

 And you can check out the other announcements in the series here:

 

Create a rule for easy user membership management

To create a dynamic membership rule, go to an administrative unit and click on the Properties tab. In this example, we have an administrative unit representing the Human Resources department.

 

On the Properties blade, set the Membership Type to Dynamic User. Then click Add dynamic query to create a dynamic rule.

 

smoorhead_3-1649446970863.png

 

Here we’ve used the rule builder to create a basic rule which includes all users whose department is “Human Resources.” You can also build more complex rules using the same syntax you use for dynamic groups (see this page for details on how to do so).

 

smoorhead_4-1649446970872.png

 

Once you’ve created the rule, click Save to save the rule syntax. Then, click Save again on the Properties blade to save the membership changes to the administrative unit. Within a few minutes, the dynamic groups engine will start to populate the administrative unit with the users that match the rule.

 

smoorhead_5-1649446970884.png

 

Now, you can go to the Roles and administrators tab to delegate administrative roles over the administrative unit and be assured that the scope will be automatically kept up to date by the dynamic membership engine.

 

In this example, we’re delegating the ability to manage passwords for employees in the Human Resources department by assigning the Password Administrator role scoped to the Human Resources administrative unit.

 

smoorhead_6-1649446970892.png

 

Note: We highly recommend assigning the Password Administrator role as an eligible assignment through Privileged Identity Management.

For more information on dynamic administrative units, check out our documentation.

 

What’s next

Moving forward, we’re looking at adding support for both users and devices in the same dynamic administrative unit and offering additional properties from which you can build dynamic queries. We're also working on more great features in the Azure AD RBAC area related to administrative units and custom roles. Stay tuned for coming announcements.

 

Best regards, 

Alex Simons (Twitter: @Alex_A_Simons)

Corporate VP of Program Management 

Microsoft Identity Division

 

 

Learn more about Microsoft identity:

Published on:

Learn more
Azure Active Directory Identity Blog articles
Azure Active Directory Identity Blog articles

Azure Active Directory Identity Blog articles

Share post:

Related posts

Integrate Dataverse Azure solutions – Part 2

Dataverse that help streamline your integrations, such as Microsoft Azure Service Bus, Microsoft Azure Event Hubs, and Microsoft Azure Logic A...

15 hours ago

Dynamics 365 CE Solution Import Failed in Azure DevOps Pipelines

Got the below error while importing Dynamics CRM Solution via Azure DevOps Pipeline. 2024-12-18T23:14:20.4630775Z ]2024-12-18T23:14:20.74...

1 day ago

Dedicated SQL Pool and Serverless SQL in Azure: Comparison and Use Cases

Table of Contents Introduction Azure Synapse Analytics provides two powerful SQL-based options for data processing: Dedicated SQL Pools and Se...

1 day ago

Azure SQL ❤️ Python!

I recently presented at Python Day 2024 on Langchain integration. I created a slide deck that I believe can be useful beyond just the session,...

4 days ago

Azure Function Isolated Worker : Avoid comments in the Host file

As a .NET developer, the yearly release cycle is always one of my most anticipated event. This years edition is no exception, as it brings .NE...

4 days ago

Integrate Dataverse Azure Solutions – Part 1

Azure comes with a variety of other solutions, which can also be integrated with Dataverse. Dataverse that help streamline your integrations, ...

4 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy