![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,273 questions
Hi anonymous user, the easiest (but less flexible) way to manage you customer Azure AD tenant is to have your account (external or internal to the custom tenant) be assigned an Azure AD built-in role such as User Administrator at your customer tenant. This is commonly used during initial app development or resource deploying phases but before the tenant goes into production. However, an exemption can be made depending on the level of trust between both parties. Features such as Conditional Access and Multi-Factor authentication are key to tighten security in this scenarios.
A more robust and secure solution is Azure AD Privileged Identity Management which provides just in time access to Azure AD, time-bound access, requires approval to activate privileged roles and more.
To delegate administration of Azure (Not AD) resources (services, subscriptions, etc) a customer can grant administration permissions through a reseller relationship request.
Please let us know if need additional assistance.