GOV-08: Administrative Unit Boundaries
Frequently asked questions about implementing and managing the GOV-08 security control in Microsoft 365 and Entra ID.
QWhat is GOV-08 (Administrative Unit Boundaries)?▼
GOV-08 is a security control that without administrative boundaries, any admin with sufficient permissions can manage all users. administrative units create delegation boundaries, and restricted management prevents higher-privileged admins from overriding unit-scoped administrators. It requires that administrative units are configured for delegated administration and restricted management is enabled for sensitive units, admin scope is limited to their designated units.
QWhy is Administrative Unit Boundaries important for Microsoft 365 security?▼
Without administrative boundaries, any admin with sufficient permissions can manage all users. Administrative units create delegation boundaries, and restricted management prevents higher-privileged admins from overriding unit-scoped administrators.
QHow do I implement GOV-08 in my tenant?▼
GOV-08 requires manual implementation. Administrative units require manual configuration in Entra ID
QWhat license do I need for GOV-08?▼
This control requires Azure AD Premium P1 (included in Microsoft 365 E3) or higher.
QWhich security baseline includes GOV-08?▼
GOV-08 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.
5
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial