Home > database >  Azure Enterprise Admin vs Global Admin
Azure Enterprise Admin vs Global Admin

Time:10-16

Couldn't find much information about the differences between the Enterprise Admin and the Global Admin in Azure.

From my understanding:

Global Admin is the most privilege account in the tenant level. Each tenant can have multiple subscriptions and one Active Directory. Subscription is a container for azure resources(VM/Cloud function etc) and it uses the Active Directory to perform IAM control. Each subscription will have their own domain abcsubscription.onmicrosoft.com

However, I am not getting much information about the enterprise administrator, (it is not included in trial account so I couldn't test out the feature and the documentation is not explaining everything). Enterprise administrator only exists if you enroll into the enterprise agreement with Microsoft.

Some questions:

  • Is Enterprise agreement a subscription? Is it associate with 1 Active Directory?
  • Can I have multiple Active directory in enterprise setup? Are they completely seperate from each other?
  • What is the difference between Enterprise admin vs Account Owner vs Global Admin.

CodePudding user response:

  • Is Enterprise agreement a subscription? Is it associate with 1 Active Directory?

Yes, it is a kind of subscription you need to enroll for. And it is not associated with 1 Active directory.

• Can I have multiple Active directory in enterprise setup? Are they completely seperate from each other?

Yes you can setup multiple active directories.Yes.

• What is the difference between Enterprise admin vs Account Owner vs Global Admin.

Enterprise administrator: Enterprise administrators have the most privileges when managing an Azure EA enrollment Enterprise administrator can View credit balance including Azure Prepayment and also he can set/view department wise spending quotas. Enterprise administrators are more into Administrative side and he cannot mange resource in azure portal, We can have unlimited number of enterprise administrators.

Account Owner: Account owner manage resources in azure portal, He can create and manage subscriptions and also he can view usage and cost details for subscriptions. One account owner is allowed for account.

Globaladmin: as you are aware global admin will have access to all administrative features in Azure Active Directory. Global Administrators can elevate their access to manage all Azure subscriptions and management groups. This allows Global Administrators to get full access to all Azure resources using the respective Azure AD Tenant. The person who signs up for the Azure AD organization becomes a Global Administrator. There can be more than one Global Administrator.

Please go through the video in this Link for more information on EA and Administrative roles in EA.

Note: Roles work in two different portals to complete tasks. You use the Azure Enterprise portal to manage billing and costs, and the Azure portal to manage Azure services.

Page link:https//www.codepudding.com/database/154663.html

Prev:How do I grant permissions for blob storage to a daemon application in Azure AD?
Next:Azure Function Email Notification when error
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding