Especially after a first glance into the “ documentation”, which is basically a few PowerShell scripts with very minimal description. It’s not a particularly complex task, but the process can be off-putting for folks not used to the shell. Unfortunately, management of AUs is still only possible via PowerShell.
With the Office 365 Admin Center finally getting support for AUs, they should gain more traction. This has the exact same feature set however they were only enforced against actions performed via the Azure AD PowerShell cmdlets, which made them less useful. In fact, AUs have been available for over 3 years now, as you can see from the “announcement” blog post, dated December 2014. Now, my previous statement is not entirely true as to the availability of this feature.
Do you really want the junior guy from the service desk to be able to reset the password for the CFO? No? Then AUs can help. Yes, there are “limited” admin roles in Office 365, however anyone with the user management role would still be able to manage all users in the company (with the exception of Global admins). The real power of the “Administrative units” feature is the ability to designate an admin user that will be able to perform various tasks against all users in the scope of a particular AU – and only those users! This is very important for large organizations in Office 365, as up until now we didn’t have any features that enabled admin role separation. So, why are AUs important? After all, simply grouping the objects in some logical unit doesn’t necessarily help to ease the administrative burden. As there are very few limitations in terms of who can be a member of an AU, you can get very creative with them – but we will talk more about this in the next section. For example, you could create an AU for: all the users in the Sales department, or all users working in the UK, or simply all users with a particular attribute. AUs allow you to “group” your users into logical units, which makes it easier to designate them as a whole. Simply put, Administrative units (we’re going to call these AUs from here on in) are a container for user objects, akin to Organizational Units on-premises.
The rollout was announced with an update to the corresponding Office 365 Roadmap item and the following Message Center post:Īs neither the Roadmap items, the Message center post, nor the linked “documentation” are very descriptive as to what exactly the feature does, and how to configure it, we thought it might be useful to dig into this feature a bit more, and publish some guidance on Administrative Units. As of two weeks ago, an update that incorporates the Administrative units feature into the Office 365 Admin center has started rolling out across the service.