Admin roles with scope for single group

New Contributor



I am relatively new to Office365 / Microsoft365.

We are evaluating if we can use O365 for our multi-site church.


What I want to know is, if it is possible to add a Admin with "user administrator"-role but he/she shall only see and manage users of one of our sites.


We could organize the users of a site for example in a O365-group or any other unit, that works. Background of the question is: I want to have one admin per church site who is managing "his/her users" at the site. I am "overall admin" and can support, if they need it.


I hope you understood, what I mean.

Is there any possibility, to do this?




5 Replies

To an extent, yes, via the so-called administrative units:


They are however very limited in functionality, so they might not be a good match for all scenarios. It really depends on what kind of admin tasks you want to delegate.

Is it not enough with and Admin / Owner role on a per site basics?

@Vasil Michev I tried your hint, but I fail - the cmdlet New-AzureADAdministrativeUnit was not found. Do I have to install this on my powershell? How?


Thank you for any help.




Yeah, but how can I create a site unit?

You need the Azure AD Preview module, AzureADPreview.


Or you can also use the good old MSOL module: