Azure servicesMicrosoft Entra ID

Step-by-Step Guide to Restrict Azure AD Administration portal

In order to manage Azure AD, we use Azure Active Directory option in https://portal.azure.com. By default, any user under Azure AD can access this option event they do not have a Directory role. In my demo setup, I have a user called "Emily Braun". She doesn't have any Directory role assigned. 

Then I log in to Azure portal https://portal.azure.com as the user and then go to Azure Active Directory option. It didn't block me accessing it. 

I can go to All users and see user account details. 

I even can see the Groups memberships details. 

 

Also, can view application assignments. 

As an end user I also can see the Azure AD Connect details. 

Even though it doesn't allow me to change the user settings, it still allows me to see the current settings. 

I also can see the directory properties. 

I agree it doesn't allow to change settings but I am not comfortable with disclosing the above info to a standard user. Microsoft allows restricting standard user access to Azure Active Directory administration portal. Let's see how we can do that. 

1. Log in to Azure portal as Global Administrator 

2. Go to Azure Active Directory | User Settings

3. Then click on Yes under Restrict access to Azure AD administration portal

4. To apply the settings, click on Save 

5. Then I go ahead and login to the Azure portal as "Emily Braun" again and try to access the Azure Active Directory option. 

6. As expected, now the standard user can't view the Azure AD Administration portal.

This marks the end of this post. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Related posts
Cyber SecurityMicrosoft Entra ID

Step-by-Step Guide: Configure Entra ID lifecycle workflow to use Custom Security Attributes

In my previous blog post, I explained how to use Entra ID lifecycle workflow to trigger actions…
Read more
Azure servicesMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide: Configure Entra ID lifecycle workflow to trigger mover task on user profile changes

The Entra ID lifecycle workflow is a feature of Microsoft Entra ID identity governance and Microsoft…
Read more
Cyber SecurityMicrosoft Entra IDMicrosoft Technologies

Step-by-Step Guide: How to setup Entra ID Restricted management Administrative Units ?

In my previous blog post, I discussed what Entra ID Administrative Units are and how they can be…
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

3 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *