Replicate groups to Entra ID Administrative Units
Lars Töpfer
Entra allows scoping group/user management to administrative units.
Supporting this in meshStack will allow finer-grained access control.
More information on Administrative Units: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units
Rebecca
Merged in a post:
Support Entra ID Administrative Units
Thomas Abbe
Perspectively, we want to integrate our company main Azure tenant with meshcloud. Since this tenant is also used for other purposes, the MS Graph permission Groups.ReadWrite.All is impossible.
Please consider the support of Administrative Units, which would be the way to go.
Jelle den Burger
Hey Lars, thanks for your feature request!
At what level do you have the usage of administrative units in mind? Would it mean that each Azure subscription gets its own administrative unit? Or each group within the subscription?
And what added value would it bring to you and your application teams?
Thanks!
Thomas Abbe
Jelle den Burger:
Perspectively, we want to integrate our company main Azure tenant with meshcloud. Since this tenant is also used for other purposes, the MS Graph permission Groups.ReadWrite.All is impossible.
Please consider the support of Administrative Units, which would be the way to go.
(copied from https://meshcloud.canny.io/feature-requests/p/support-entra-id-administrative-units)
The administrative group would be on the platform scope, the only way meshcloud replicator would be able to manage groups.
Administrative Units have no impact on Subscriptions, but only on groups.