Restrict access to Azure AD administration portal

Why do users have access to Azure AD administration portal? You only want administrators to have access and restrict users to access Azure portal. It’s not relevant for standard users to have access. Is there a way to disable user access to the Azure AD portal? Yes, there is. In this article, we will look at how to restrict access to Azure AD administration portal.

Table of contents

User access to Azure AD administration portal

Check how it looks like if a user signs in to the Azure AD portal without restricting access by following the below steps:

  1. Sign in to Microsoft Azure portal as a User
  2. Click on Menu > Azure Active Directory

In our example, we will sign in as the user Alison Bell.

Azure Active Directory
  1. In the Overview screen, the user can see the Azure Active Directory information
Restrict access to Azure AD administration portal Overview
  1. Click in the menu on Users and Groups
Restrict access to Azure AD administration portal Users and Groups
  1. In the All users section, all the users are visible to the user
Restrict access to Azure AD administration portal All users
  1. In the All groups section, all the groups are visible to the user
Restrict access to Azure AD administration portal All groups
  1. Click in the menu on Roles and administrators
  2. Verify the user’s role (in our case, it’s the role User)
  3. Click on Your Role
Restrict access to Azure AD administration portal Roles and administrators
  1. The user does not have directory roles assigned
Restrict access to Azure AD administration portal Assigned Roles

In the next step, we will look at restricting users from accessing the Azure AD administration portal.

Restrict access to Azure AD administration portal

To restrict Azure AD administration portal access, follow these steps:

  1. Sign in to Microsoft Azure portal as a Global Administrator
  2. Click on Menu > Azure Active Directory
Azure Active Directory
  1. Click on User settings
  2. Select under Administration portal > Restrict access to Azure AD administration portal on Yes
  3. Click Save

Note: Setting the option Restrict access to Azure AD administration portal to Yes restricts all non-administrators from accessing any Azure AD data in the administration portal.

Restrict access to Azure AD administration portal enable

Give the setting a couple of minutes to apply the changes on Microsoft’s servers.

Verify no access to Azure AD administration portal

Verify restricted access to the Azure AD administration portal by following the below steps:

  1. Sign in to Microsoft Azure portal as a User
  2. Click on Menu > Azure Active Directory

You will see a No access message.

Restrict access to Azure AD administration portal no access

That’s it!

Read more: Install and configure Azure AD Connect »

Conclusion

You learned how to restrict access to Azure AD administration portal. By default, the option to restrict access to Azure AD portal is set to No. But we recommend setting it to Yes and restrict user access to Azure AD for non-administrator accounts.

The next time you manage an Azure tenant or create a new Azure tenant, check the restrict access to Azure AD administration portal setting in Azure AD portal and ensure to turn it on.

Did you enjoy this article? You may also like Office 365 disable stay signed in prompt. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

TwitterLinkedIn

What Others Are Reading

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *