Azure Active Directory User management delegation RRS feed

  • Question

  • Hi,

    We are using Azure AD to create users, groups for an application that sits outside of Azure AD (hosted internally)

    We want the ability to delegate the user management to an admin of that application (create users, assign groups etc)

    I can see that in the Premium Azure AD subscription you can create AD users that have access to the WAAD Access Panel (myapps.microsoft.com) and they can see groups and approvals (http://blogs.technet.com/b/ad/archive/2014/04/07/azure-ad-delegated-group-management-feature-walk-through.aspx )

    The problem is that we only have a basic subscription, is there any other way to provide basic level user management delegation to an application admin?

    The only other way I can see is to create a whole new Azure account and separate AD and have the admin user of that account administering users/groups through the management portal - which is not ideal because they have access to other Azure resources (creating instances, db etc). we only need the admin to be able to access user management of AD

    It also seems like the user role "User Administrator" in Azure AD doesnt have much function because if you assign a user that role they cant login to the management console (they need subscription)



    Monday, March 9, 2015 1:33 AM


  • Greetings, Martin!

    Noting the constraint that you're facing of a delegated admin has access to the entire subscription (which you don't prefer).

    You can sign up for a new Trial / Pay-As-You-Go subscription with a minimum credit limit and custom create a Directory and add the existing Directory. With that, the admin will work on the new subscription and may have access on the Azure Directory and nothing else.

    Let me know if that helps.

    Thank you,


    Monday, March 9, 2015 4:51 AM