Azure AD – Delegate user management with My Staff (preview)

Microsoft is providing an easier way to manage user accounts without the need for a support call to your helpdesk.

With My Staff, you can delegate some user management tasks to a delegated authority, such as a manager or team leader.

This helps end-users who are stuck and cannot access their applications because they forgot their credentials (don’t forget you still have the option of Self Service Password Reset too).

This option works well together with the new SMS-based authentication method, as it also allows the delegated administrator to enable this new authentication method for the end-users.

This new option, designed mainly with first line workers in mind as they usually have a limited mobile device, can be enabled from your Azure portal (https://portal.azure.com/) or Azure AD portal (https://aad.portal.azure.com/) by accessing the Azure Active Directory > User Settings > User feature previews blade.


Then enable the new Administrators can access My Staff option and select whether this applies to a selected set of users or to all users.

NOTE 1 Only users who have been assigned an admin role can access My Staff. If you enable My Staff for a user who is not assigned an admin role, they won’t be able to access My Staff.

NOTE 2 Each user who is enabled in My Staff must be licensed with at least one of:

  • Azure AD Premium P1 or P2
  • Microsoft 365 F1 or F3


Then you need to create/manage Azure AD Administrative Units, see https://t.co/hyacW4j9Po
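As an added example (not code from the original post), the setup described above done with the AzureAD PowerShell module: create the administrative unit, add the frontline accounts to it, and give the manager an admin role scoped to that unit only rather than tenant-wide. The UPNs are constructed placeholders, and the choice of the Authentication Administrator role is an assumption; the AU name “MyStaf” is the one used in the post.

```powershell
# Added example, not from the original post. Assumes the AzureAD module is installed
# and that you replace the placeholder UPNs and the assumed role name with your own.
Connect-AzureAD | Out-Null

$auName     = 'MyStaf'                                   # AU name used in the post
$managerUpn = 'manager@contoso.example'                  # constructed placeholder
$staffUpns  = @('worker1@contoso.example', 'worker2@contoso.example')  # constructed
$roleName   = 'Authentication Administrator'             # assumed role, scoped to the AU

# 1. Create the administrative unit (reuse it if it already exists).
$au = Get-AzureADMSAdministrativeUnit -Filter "displayName eq '$auName'"
if (-not $au) {
    $au = New-AzureADMSAdministrativeUnit -DisplayName $auName `
            -Description 'Frontline staff managed through My Staff'
}

# 2. Add the staff accounts as members of the AU.
foreach ($upn in $staffUpns) {
    $user = Get-AzureADUser -ObjectId $upn
    Add-AzureADMSAdministrativeUnitMember -Id $au.Id -RefObjectId $user.ObjectId
}

# 3. Assign the manager the role scoped to this AU only (least privilege:
#    they get no rights over accounts outside the unit).
$role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $roleName
if (-not $role) {
    # A role template has to be activated once before it can be assigned.
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object DisplayName -eq $roleName
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
}
$manager = Get-AzureADUser -ObjectId $managerUpn
$member = New-Object -TypeName Microsoft.Open.MSGraph.Model.MsRoleMemberInfo
$member.Id = $manager.ObjectId
Add-AzureADMSScopedRoleMembership -Id $au.Id -RoleId $role.ObjectId -RoleMemberInfo $member

# 4. Verify: the manager must hold an admin role (NOTE 1 above) and it should show
#    up here as a membership scoped to this AU, not as a tenant-wide assignment.
Get-AzureADMSScopedRoleMembership -Id $au.Id | ForEach-Object {
    "$($_.RoleMemberInfo.DisplayName) -> role $($_.RoleId) on AU $($_.AdministrativeUnitId)"
}
```

Re-run step 4 periodically (or feed it to your SIEM) so that scoped role memberships that appear outside your change process are noticed.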

Once enabled, delegated administrators can access the My Staff web site at https://aka.ms/mystaff

They will see all administrative units they have been delegated permissions for; for this blog post I have called my AU “MyStaf”


By clicking on the AU, they will see the list of users associated with it, and will then be able to perform the delegated administrative tasks for the selected user account.


This works for both cloud-only and AD synchronized accounts; of course, for AD synchronized accounts it is highly recommended to also have the password writeback option enabled, otherwise a password reset done through My Staff does not reach the on-premises account.