azure ad service limit

testuser7 271 Reputation points
2021-08-12T12:54:50.807+00:00

Is there any service-limit in Azure-AD for following.

I have a single service-principal which I am using to assign single admin-role to several users.
Is there any limit how many users can be assigned this admin role through this SP through graph API ??

thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,808 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,476 Reputation points Microsoft Employee
    2021-08-12T18:06:28.137+00:00

    @testuser7
    Thank you for your post!

    Referencing our Azure AD service limits and restrictions documentation, if you're only using the Service Principal to assign an Admin role to a user(s), it doesn't look like there are any limits as to how many users can be assigned that Admin role. For example, you can have every user in your AzureAD Tenant be a Global Admin, but that would go against our Best practices for Azure AD roles doc.

    Azure AD roles and permissions service limits and restrictions:

    • A maximum of 30 Azure AD custom roles can be created in an Azure AD organization.
    • A maximum of 100 Azure AD custom role assignments for a single principal at tenant scope.
    • A maximum of 100 Azure AD built-in role assignments for a single principal at non-tenant scope (such as administrative unit or Azure AD object). There is no limit for Azure AD built-in role assignments at tenant scope.
    • A group can't be added as a group owner.
    • A user's ability to read other users' tenant information can be restricted only by the Azure AD organization-wide switch to disable all non-admin users' access to all tenant information (not recommended). For more information, see To restrict the default permissions for member users.
    • It may take up to 15 minutes or signing out/signing in before admin role membership additions and revocations take effect.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments