Need clear understanding on the permissions Global Administrator have on new Azure Active Directory tenant

Sai Charan Ramagiri 20 Reputation points
2023-01-24T15:24:01.6433333+00:00

Hello Team,

Kindly please help me with an understanding on the permissions on below scenario

User's image

There is already a Azure active directory tenant existing with name "Dev.management.com"

Admin1 creates a new Azure Active Directory tenant named "Test.Dev.management.com".

If we want to create more new user accounts in new tenant "Test.Dev.management.com", other than Admin1,

,

Question1.

From the above given Admins, who all can add/create new User accounts in the new deployed tenant ?

( Admin2 ? or Admin3 ? or Admin 4 )

,

Question 2

I understand that, Admin1 will have default Global Administrator permission on new Tenant and he can create new users.

Admin1 need to grant permissions to other Admins ? So that Admin2/3/4 will be able to create users in new tenant. or

There is no need for Admin1 to grant permissions to others admins on new tenant, as they are already "Global Administrators and User Administrator" and they do have rights to create users

Confused. Kindly please help me with a clarification.

Microsoft Entra
0 comments
Accepted answer
  1. Carlos Solís Salazar 16,611 Reputation points
    2023-01-26T07:58:06.2233333+00:00

    Thank you for asking this question on the Microsoft Q&A Platform.

    Question1.

    From the above given Admins, who all can add/create new User accounts in the new deployed tenant ?

    In the tenant Dev.management.com: admin1, admin2, and admin3 can create users, however, only admin1 and admin2 can create other administrators.

    In the tenant Test.Dev.management.com: Only admin1 can create users.

    Question 2

    I understand that, Admin1 will have default Global Administrator permission on new Tenant and he can create new users.

    Admin1 need to grant permissions to other Admins ? So that Admin2/3/4 will be able to create users in new tenant. or

    There is no need for Admin1 to grant permissions to others admins on new tenant, as they are already "Global Administrators and User Administrator" and they do have rights to create users

    Each tenant manages their permissions individually, by default the first Global administrator will be the user who creates the tenant. You can assign the same roles to the new tenant or even you can assign distinct roles (for example admin2 as User administrator)

    Hope this helps!

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    8 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest