Can I send a customer a request for delegated administration?


I met with a customer who asked me to send them a link requesting delegated administration rights to their Azure AD. I am also using Azure AD for my company. I know there<s a process where the customer can send me a link which I can respond to where this end goal will be met.

I also know there's a similar process in the MS partner portal for resellers.

Can I do the same using a basic process in Azure? Is there another way I am missing?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,534 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. 2022-05-04T23:40:35.86+00:00

    Hi anonymous user, the easiest (but less flexible) way to manage you customer Azure AD tenant is to have your account (external or internal to the custom tenant) be assigned an Azure AD built-in role such as User Administrator at your customer tenant. This is commonly used during initial app development or resource deploying phases but before the tenant goes into production. However, an exemption can be made depending on the level of trust between both parties. Features such as Conditional Access and Multi-Factor authentication are key to tighten security in this scenarios.

    A more robust and secure solution is Azure AD Privileged Identity Management which provides just in time access to Azure AD, time-bound access, requires approval to activate privileged roles and more.

    To delegate administration of Azure (Not AD) resources (services, subscriptions, etc) a customer can grant administration permissions through a reseller relationship request.

    Please let us know if need additional assistance.