Azure Best Practices for AD Architecture After Trying to Create A Mail Filter

cipher7836 86 Reputation points
2020-06-17T22:19:50.187+00:00

Hello all, I'm working at a company where they don't have dedicated IT staff other than me right now. They are brand new and decided not to have on-premises systems and do everything through Azure.

I'm not an Azure expert and I wanted to set them up correctly from the get-go. I just don't know where to start, especially when it comes to this:

They want to filter out HTMLs, PDFs, etc. from incoming emails. So, to do that, they created a mail-enabled security group. Then, to test that it worked, they put a user into that group. It worked.

However...

I feel that there's something missing. As if we're not doing this the ideal way.
I think it's because we don't know the best way to create an AD-like structure in Azure AD. Or if we should even try to.

The folks who do their IT figured that a brand new company could be set up in Azure with the same structure they're used to seeing from previous jobs where AD was on-prem.

I know there are docs on setting up Azure. I've looked through those, but I'm thinking in practical terms based off on-prem AD experience. So when I try to recreate something like that from my experience into Azure's AD, I can't really do it.

Any advice?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Vasil Michev 95,666 Reputation points MVP
    2020-06-18T06:35:41.377+00:00

    Azure AD is not a replacement for AD, so you cannot expect to have the exact structure. In particular, there's no concept of OUs in Azure AD, so using groups is your best option.

    1 person found this answer helpful.

1 additional answer

  1. Thierry DEMAN-BARCELO 491 Reputation points MVP
    2020-06-18T07:00:08.82+00:00

    Hello,

    You can try "Administrative Units" (in Preview on Azure AD), but it is not the same as Organizational Units.
    Administrative units now accept users and groups.

    https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-administrative-units

    Perhaps this functionality will help you.

    Regards,

    1 person found this answer helpful.