What is Delegated User Management?
June 29, 2020
As your organization grows, the size and complexity of the systems and tools you use to collaborate inside and outside of the organization also grow. While many organizations still maintain centralized management of SharePoint and Microsoft Teams, having one administration group keep track of and maintain all of the various roles and permissions can be a monumental task. Increasingly, organizations are pushing these administrative tasks down to business units and regional IT teams who better understand the immediate needs of the business.
While Microsoft has increasingly made it possible for IT teams to delegate specific roles within Azure and Microsoft 365 to additional administrators within the organization -- depending on the size, complexity, and growth of departments and project teams -- most organizations are looking for help in managing this process.
The out-of-the-box external sharing capabilities of Microsoft 365 are not scalable, and setting up and managing Azure B2B and the Azure portal can quickly become overwhelming, with an all-or-nothing approach to delegation. Employees need permissions management to be able to invite external customers and partners into essential collaboration activities -- but this activity requires governance oversight.
What Microsoft provides:
- Delegate administration in Azure Active Directory (https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-concept-delegation) allows you to assign the least possible privilege to users to access their apps and perform their tasks, and place application management responsibilities on the existing Global Administrators.
- Azure Active Directory roles in the Microsoft 365 admin center (https://docs.microsoft.com/en-US/microsoft-365/admin/add-users/azure-ad-roles-in-the-mac?view=o365-worldwide) provides a list of over 30 Azure AD roles, with even more available in the Azure portal.
- Assign admin roles (https://docs.microsoft.com/en-US/microsoft-365/admin/add-users/assign-admin-roles?view=o365-worldwide) walks you through the steps to assign these delegated roles.
- Administrator roles by admin task in Azure Active Directory (https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-delegate-by-task) provides an even more granular review of the roles that can be delegated through Azure Active Directory (Azure AD).
How Extranet User Manager can help:
The core EUM offering provides a number of features and resources to help automate your provisioning process, providing the self-registration, profile management, and delegation you need:
- As users and groups are created by the business owners, they are set up in Azure AD by EUM
- EUM then sends all invitations
- Azure AD manages the login process
- EUM manages the group membership leveraged for permissions
With EUM, you can immediately reduce the overhead costs of centrally managing your external users, allowing your organization to delegate account management to non-IT staff and allowing external organizations to manage their own staff's access.
Automating SharePoint and Microsoft Teams provisioning and user management can be a powerful method for improving the scalability of your collaboration platforms, while also ensuring security, compliance, and ongoing governance of your environment. Be sure to check out these great online resources, and let us know if we can answer any questions as you build out your provisioning strategy. We're here to help!