Administrative Unit Boundaries for Government & Public Sector

Government & Public Sector organizations face specific regulatory requirements including fedramp, nist-800-53, cis. The GOV-08 control helps address these requirements by:

• Administrative units are configured for delegated administration
• Restricted management is enabled for sensitive units
• Admin scope is limited to their designated units

Without administrative boundaries, any admin with sufficient permissions can manage all users. Administrative units create delegation boundaries, and restricted management prevents higher-privileged admins from overriding unit-scoped administrators.

When implementing GOV-08 in a government & public sector environment, consider:

• **Regulatory requirements**: fedramp, nist-800-53, cis may mandate specific configurations
• **Risk tolerance**: Government & Public Sector organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

GOV-08 requires the following configuration:

• Administrative units are configured for delegated administration
• Restricted management is enabled for sensitive units
• Admin scope is limited to their designated units

Administrative units require manual configuration in Entra ID

Follow the steps above in your Microsoft Entra admin center to enable this control.