Replicate groups to Entra ID Administrative Units
planned
L
Lars Töpfer
Entra allows to scope group/user management to administrative units.
Supporting this in meshStack will allow finer grained access control.
More information on Administrative Units: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units
Jelle den Burger
planned
We plan to tackle this latest Q2. Stay tuned for updates
R
Rebecca
Merged in a post:
Support Entra ID Administrative Units
Thomas Abbe
Perspectively we want to integrate our company main Azure tenant with meshcloud. Since this tenant is also used for other purposes, the MS Graph permission Groups.ReadWrite.All is impossible.
Please consider the support of Administrative Units, which would be the way to go.
Jelle den Burger
Hey Lars, thanks for your feature request!
At what level do you have the usage of administrative units in mind? Would it mean that each Azure subscription gets its own administrative unit? Or each group within the subscription?
And what added value would it bring to you and your application teams?
Thanks!
Thomas Abbe
Jelle den Burger:
Perspectively we want to integrate our company main Azure tenant with meshcloud. Since this tenant is also used for other purposes, the MS Graph permission Groups.ReadWrite.All is impossible.
Please consider the support of Administrative Units, which would be the way to go.
(copied from)
The administrative group would be on the platform scope, the only way meshcloud replicator would be able to manage groups.
Administrative Units have no impact on Subscriptions, but only on groups