Azure Active Directory Blog

Published: October 26, 2023 | Author: Azure Identity Team | Category: Azure AD, Updates

Key Updates in Azure AD Tenant Management

Welcome to our latest update post focusing on enhancements to Azure Active Directory (Azure AD) tenant management. We're continuously working to provide you with more robust, flexible, and secure tools to manage your identity and access solutions. This post highlights some of the most significant recent developments.

1. Enhanced Role-Based Access Control (RBAC) for Tenant Operations

We've introduced granular permissions for various tenant-level operations. This allows administrators to delegate specific responsibilities without granting excessive privileges. For example, you can now grant a user the ability to manage application registrations without allowing them to modify conditional access policies.

New Roles Examples:

These roles can be assigned directly or through administrative units, providing flexibility in your organizational structure.

2. Streamlined Tenant Migration Tools

Migrating workloads and user identities between Azure AD tenants can be complex. We've improved the tooling and documentation to make this process smoother. New PowerShell cmdlets and REST API endpoints are available to facilitate the transfer of application configurations, group memberships, and user profiles.

A key improvement includes better support for migrating B2B collaboration settings, ensuring a seamless experience for your external partners.

# Example: Using a new cmdlet for application migration (hypothetical)
Invoke-AzureADTenantMigration -SourceTenantId "your-source-tenant-id" -TargetTenantId "your-target-tenant-id" -ObjectId "application-id-to-migrate" -ApplicationOnly

3. Improved Audit Logging for Tenant-Wide Changes

Visibility into tenant changes is crucial for security and compliance. We've expanded our audit logging capabilities to capture more detailed information about tenant-level modifications. This includes tracking who made changes, when, and the specific parameters affected.

You can now filter audit logs more effectively to pinpoint administrative actions, aiding in security investigations and compliance reporting.
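One way to do that kind of filtering offline is shown below. This is an added example, not code from the Azure AD team: the field names follow the Microsoft Graph directoryAudit resource, the sample records are constructed, and the function name Get-TenantChange and its default category list are assumptions made for illustration.

```powershell
# Constructed sample records, shaped like Microsoft Graph directoryAudit entries.
$sampleJson = @'
[
 {"activityDateTime":"2023-10-20T09:14:02Z","category":"Policy","activityDisplayName":"Update conditional access policy","result":"success","initiatedBy":{"user":{"userPrincipalName":"admin1@contoso.example"}},"targetResources":[{"displayName":"Require MFA for admins","modifiedProperties":[{"displayName":"State","oldValue":"enabled","newValue":"disabled"}]}]},
 {"activityDateTime":"2023-10-20T09:20:45Z","category":"RoleManagement","activityDisplayName":"Add member to role","result":"success","initiatedBy":{"user":{"userPrincipalName":"admin1@contoso.example"}},"targetResources":[{"displayName":"user7@contoso.example","modifiedProperties":[{"displayName":"Role.DisplayName","oldValue":"","newValue":"Application Administrator"}]}]},
 {"activityDateTime":"2023-10-20T10:02:11Z","category":"UserManagement","activityDisplayName":"Update user","result":"success","initiatedBy":{"user":{"userPrincipalName":"helpdesk@contoso.example"}},"targetResources":[{"displayName":"user9@contoso.example","modifiedProperties":[{"displayName":"Department","oldValue":"Sales","newValue":"Marketing"}]}]},
 {"activityDateTime":"2023-10-20T11:30:00Z","category":"DirectoryManagement","activityDisplayName":"Set company information","result":"success","initiatedBy":{"app":{"displayName":"Example Provisioning App"}},"targetResources":[{"displayName":"contoso.example","modifiedProperties":[]}]}
]
'@

function Get-TenantChange {
    param(
        [Parameter(Mandatory)] [object[]] $AuditRecord,
        # Categories treated as tenant-level changes: an assumption for this example.
        [string[]] $Category = @('Policy', 'RoleManagement', 'DirectoryManagement')
    )
    foreach ($r in $AuditRecord) {
        if ($r.category -notin $Category) { continue }
        # The initiator is either a user or an application (service principal).
        $actor = if ($r.initiatedBy.user) {
            $r.initiatedBy.user.userPrincipalName
        } else {
            $r.initiatedBy.app.displayName
        }
        foreach ($t in $r.targetResources) {
            # One output row per changed property; keep a single row when none is recorded.
            $props = @($t.modifiedProperties | Where-Object { $_ })
            if ($props.Count -eq 0) {
                $props = @([pscustomobject]@{ displayName = '(none recorded)' })
            }
            foreach ($p in $props) {
                [pscustomobject]@{
                    When     = $r.activityDateTime          # when the change happened
                    Actor    = $actor                       # who made it
                    Activity = $r.activityDisplayName
                    Target   = $t.displayName
                    Property = $p.displayName               # which parameter was affected
                    OldValue = $p.oldValue
                    NewValue = $p.newValue
                }
            }
        }
    }
}

# The UserManagement record is filtered out; the other three records are flattened to rows.
Get-TenantChange -AuditRecord ($sampleJson | ConvertFrom-Json) | Format-Table -AutoSize
```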

4. Preview: Advanced Threat Protection for Tenant Settings

We're excited to announce a new preview feature that integrates advanced threat protection capabilities directly into tenant management. This system will proactively monitor for anomalous administrative activities, such as unusual sign-in patterns from administrative accounts or unexpected changes to critical security configurations.

Stay tuned for more details as this feature moves towards general availability.

5. Simplified Licensing Management

Managing licenses across your organization can be challenging. Updates have been made to the Azure portal and APIs to provide a more intuitive experience for assigning and managing licenses. This includes better reporting on license usage and availability.

You can now easily see which users have specific licenses assigned and identify underutilized licenses.

We are committed to making Azure AD tenant management as efficient and secure as possible. We encourage you to explore these new features and provide us with your feedback. Your input helps us shape the future of Azure AD.
