Merge pull request #247670 from rolyon/rolyon-aadroles-admin-units-restricted-management-limit-update

[Azure AD roles] Restricted management administrative units limit update

Author: prmerger-automator[bot]

includes/active-directory-service-limits-include.md

@@ -23,7 +23,7 @@ Here are the usage constraints and other service limits for the Azure AD service
 | Application Proxy | <ul><li>A maximum of 500 transactions\* per second per Application Proxy application.</li><li>A maximum of 750 transactions per second for the Azure AD organization.<br><br>\*A transaction is defined as a single HTTP request and response for a unique resource. When clients are throttled, they'll receive a 429 response (too many requests). |
 | Access Panel |There's no limit to the number of applications per user that can be displayed in the Access Panel, regardless of the number of assigned licenses.  |
 | Reports | A maximum of 1,000 rows can be viewed or downloaded in any report. Any additional data is truncated. |
-| Administrative units | <ul><li>An Azure AD resource can be a member of no more than 30 administrative units.</li><li>A maximum of 30 restricted management administrative units in a tenant.</li><li>An Azure AD organization can have a maximum of 5,000 dynamic groups and dynamic administrative units combined.</li></ul> |
+| Administrative units | <ul><li>An Azure AD resource can be a member of no more than 30 administrative units.</li><li>A maximum of 100 restricted management administrative units in a tenant.</li><li>An Azure AD organization can have a maximum of 5,000 dynamic groups and dynamic administrative units combined.</li></ul> |
 | Azure AD roles and permissions | <ul><li>A maximum of 100 [Azure AD custom roles](/azure/active-directory//users-groups-roles/roles-custom-overview?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context) can be created in an Azure AD organization.</li><li>A maximum of 150 Azure AD custom role assignments for a single principal at any scope.</li><li>A maximum of 100 Azure AD built-in role assignments for a single principal at non-tenant scope (such as an administrative unit or Azure AD object). There is no limit to Azure AD built-in role assignments at tenant scope. For more information, see [Assign Azure AD roles at different scopes](../articles/active-directory/roles/assign-roles-different-scopes.md).</li><li>A group can't be added as a [group owner](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#object-ownership).</li><li>A user's ability to read other users' tenant information can be restricted only by the Azure AD organization-wide switch to disable all non-admin users' access to all tenant information (not recommended). For more information, see [To restrict the default permissions for member users](../articles/active-directory/fundamentals/users-default-permissions.md?context=azure%2factive-directory%2fusers-groups-roles%2fcontext%2fugr-context#restrict-member-users-default-permissions).</li><li>It might take up to 15 minutes or you might have to sign out and sign back in before admin role membership additions and revocations take effect.</li></ul> |
 |Conditional Access Policies|A maximum of 195 policies can be created in a single Azure AD organization (tenant).|
 |Terms of use|You can add no more than 40 terms to a single Azure AD organization (tenant).|