There’s no rest for the admins. Keeping end users up and running and power users in check – jumping between control panels, dashboards, and admin centers – can sometimes feel like a bit too much. And probably it is on some days. However, for the Microsoft 365 admins, thanks to the Azure Active Directory Admin Center, the cloud environment is now a bit easier to stay on top of.
In this blog we’ll explore the streamlined and consolidated, yet feature-packed, Azure Active Directory Admin Center, and explain how it can make your work as a sysadmin – a cloud admin, a global admin, a user administrator, an application admin or whatever your role is called – simpler and more productive: from security and improved monitoring to more granular user management and application governance.
One tool to rule them all
If your organization has used software and services from Microsoft for more than a couple of years, you’ll know how often products update and evolve. This is necessary to keep up with the rapidly changing tides of digital transformation. While the Azure Active Directory Admin Center isn’t new, still many organizations aren’t capitalizing on its capabilities and might be relying on the Microsoft 365 Admin center and PowerShell scripts.
Honestly, I can’t tell when it happened but over the years Azure Active Directory Admin Center has grown into a quite solid admin portal where we can do almost everything – expect maybe managing some special parts of Microsoft 365 – you can access it using the sort URL of https://azad.cmd.ms/
It became a central hub for managing everything in Azure – starting at company-wide deployments, homing all the way into individual users’ devices and permissions. Now admins can jump headfirst into cloud environment governance without the noise and confusion of multiple dashboards.
What can Azure Active Directory Admin Center do?
Within the Azure Active Directory Admin Center, you can effectively govern your Microsoft Cloud Environment from a single dashboard. With seamless integrated access to users, groups, applications, licenses, devices, and more – here are some of the areas of governance that you can cover:
Users
In the Users section you can see all user profiles that are part of your Azure environment, with the options to add new users and guest users just a click away. From here you can access each user’s profile individually to find more granular information, such as most of their properties (custom properties are not visible right now), their active devices, authentication methods, enterprise applications (those which require use assignment), groups, and more.
If job information is active, you can see information such as who their manager is, which department they work in and what their title is. Azure Active Directory Admin Center also allows you to set consent settings (if any users are minors) and you can reset authentication settings on an account-by-account basis too. Here you’ll also find Roles, which allows you to grant privileged access to certain users, based on their job responsibilities.
Applications
Enterprise Applications give you access to all active enterprise apps on your Azure AD. This includes Microsoft Apps, applications you’ve made yourself, and third-party apps. Apps are grouped automatically by type for quicker governance, and you can narrow down your search with useful filters.
The Azure Active Directory Admin Center also allows you manage permissions and visibility of the apps from this area – such as who has access, which devices can run certain applications, the number of licenses available for each app, and more. This can reduce workload significantly, as you no longer have to enter separate app admin centers to find the information you need.
App Registrations gives you access to your internally create applications with overview of their creation date and status of their Certificates & secrets – those ones you don’t want to expire because that is the leading cause of outages in the cloud.
Devices
Maintaining security and productivity of remote devices can be a headache. Within Azure Active Directory Admin Center, you can keep a closer eye on the devices including their owner – who is usually the primary use and see their compliance status. Enable enterprise-wide device settings, restrict device roaming and search for specific device activity with the intuitive search bar. This is also the place from where – with the right permission – you can retrieve the BitLocker recovery keys in case you need them.
If your organization is having technical problems with certain devices, you’ll find support requests and troubleshooting functions here. And if you’ve experienced a security breach, you’ll also find audit logs here, allowing you to assess recent activity and identify problematic usage and user behavior.
Licenses
Licensing has long been the thorn in the side of every admin. It’s one area of Azure that, if left unchecked, can spiral into enormous bills. Licenses can be managed in two different ways:
- Through individual users – simply add and remove licenses via user profiles
- Through Groups – manage who has access to applications and who is using licenses directly though the same security groups which might be used to grant them permissions inside those same apps.
Both ways have the same effect, and this goes to show just how integrated and interconnected the Azure Active Directory Admin Center really is. There are different ways to reach the same end goal, meaning that you are free to manage intuitively however you think is best. There’s no annoying hurdles or roadblocks that will prevent you from being as productive as possible.
One thing to keep in mind, while we can assign the same license to a user multiple times: directly and using a group as well, those licenses will still count as one. So we can’t run out of the licenses with duplication.
Security
While the Security section could deserve its own admin center, luckily, it was integrated here. Which enables us to manage Conditional Access Policies and Identity Protection and many other things from the same place. Including the Authentication methods which means we can control what type of Second Factor Authentication is available and enable Passwordless authentication as well.
Privileged Identity Management can also help here. There are cases where lesser roles are enough to do a task, and only those should be activated, limiting the use of the Global Admin role as much as possible.
There is more
There is a lot more here but you’ll need to check back later to read about them. I hope this helped and don’t forget to check out what else is there on Your own: https://azad.cmd.ms/
Get even more from Azure AD Admin Center
There’s no doubt that Azure Active Directory Admin Center has changed the way we think about identity and access management services. But that doesn’t mean it’s perfect. At Rencore, we specialize in Microsoft 365 governance, making it even easier to monitor, report, and automate key functions and make your job more efficient.
Find out how you can improve identity and access management services even further, with Rencore Governance.
I also highly recommend reading the following whitepaper: Complete visibility across Microsoft 365. This whitepaper provides a framework built on best practices to help you compile a combined governance strategy for Microsoft 365 technologies, including Azure AD, SharePoint, OneDrive, Teams, Exchange, Yammer and the Power Platform.