Entra ID Protects Key Identities with Restricted Management

• Restricted management administrative units can help organizations improve security and compliance while enhancing logging and auditing.
• Organizations should consider using restricted management administrative units to protect key identities because there is no additional licensing cost for most customers.
• But admins should be aware that RMAUs can break some processes and are not currently compatible with some of Microsoft’s own services.

Restricted management administrative units (RMAUs) can help organizations improve security and compliance by controlling which administrators can modify or delete the Entra ID users, devices, and security groups within that administrative unit (AU). RMAUs require the same licensing as regular administrative units, which most organizations already have in place. While the feature can help with security and compliance and further improve logging of changes to AUs, administrators should be mindful that RMAUs can break some processes and automation and are not currently compatible with some of Microsoft’s own services.