Add an Administrator to Azure AD Domain | Configuration Guide

Add an Administrator to Azure AD Domain

Prev Question Next Question

Question

You sign up for Azure Active Directory (Azure AD) Premium.

You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.

What should you configure in Azure AD?

Answers

A. Device settings from the Devices blade

B. Providers from the MFA Server blade

C. User settings from the Users blade

D. General settings from the Groups blade

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:

-> The Azure AD global administrator role

-> The Azure AD device administrator role

-> The user performing the Azure AD join

In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:

1. Sign in to your Azure portal as a global administrator or device administrator.

2. On the left navbar, click Azure Active Directory.

3. In the Manage section, click Devices.

4. On the Devices page, click Device settings.

5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.

https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

The correct answer is C. User settings from the Users blade.

When you sign up for Azure AD Premium, you can manage access to your resources by assigning roles to users, groups, and service principals. To add a user as an administrator on all computers joined to the Azure AD domain, you would need to assign them the Global Administrator role.

Here are the steps to assign the Global Administrator role to a user:

Go to the Azure portal and sign in with your credentials.
In the left-hand menu, select "Azure Active Directory."
Select "Users" from the list of options.
Select the user you want to make an administrator.
Under "Roles," select "Add assignment."
Select "Global Administrator" from the list of roles.
Click "Add assignment" to assign the role to the user.

Once you have assigned the Global Administrator role to the user, they will have administrative access to all computers joined to the Azure AD domain.

Option A, Device settings from the Devices blade, is not the correct answer as this is used to manage device settings such as device compliance, configuration profiles, and device enrollment.

Option B, Providers from the MFA Server blade, is not the correct answer as this is used to manage multi-factor authentication providers for Azure AD.

Option D, General settings from the Groups blade, is not the correct answer as this is used to manage group settings such as membership, settings, and licenses.

Prev Question Next Question