How to manage groups - Microsoft Entra (2023)

Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.

This article covers basic group scenarios where a single group is added to a single resource and users are added as members to that group. For more complex scenarios like dynamic memberships and rule creation, see the Azure Active Directory user management documentation.

Before adding groups and members, learn about groups and membership types to help you decide which options to use when you create a group.

Create a basic group and add members

You can create a basic group and add your members at the same time using the Azure Active Directory (Azure AD) portal. Azure AD roles that can manage groups include Groups Administrator, User Administrator, Privileged Role Administrator, or Global Administrator. Review the appropriate Azure AD roles for managing groups.

To create a basic group and add members:

  1. Sign in to the Azure portal.

  2. Go to Azure Active Directory > Groups > New group.

  3. Select a Group type. For more information on group types, see the learn about groups and membership types article.

    • Selecting the Microsoft 365 Group type enables the Group email address option.
  4. Enter a Group name. Choose a name that you'll remember and that makes sense for the group. A check will be performed to determine if the name is already in use. If the name is already in use, you'll be asked to change the name of your group.

  5. Group email address: Only available for Microsoft 365 group types. Enter an email address manually or use the email address built from the Group name you provided.

  6. Group description. Add an optional description to your group.

  7. Switch the "Azure AD roles can be assigned to the group" setting to Yes to use this group to assign Azure AD roles to members.

    • This option is only available with Premium P1 or P2 licenses.
    • You must have the Privileged Role Administrator or Global Administrator role.
    • Enabling this option automatically selects Assigned as the Membership type.
    • The ability to add roles while creating the group is added to the process.
    • Learn more about role-assignable groups.
  8. Select a Membership type. For more information on membership types, see the learn about groups and membership types article.

  9. Optionally add Owners or Members. Members and owners can be added after creating your group.

    1. Select the link under Owners or Members to populate a list of every user in your directory.
    2. Choose users from the list and then select the Select button at the bottom of the window.

  10. Select Create. Your group is created and ready for you to manage other settings.

Turn off group welcome email

A welcome notification is sent to all users when they're added to a new Microsoft 365 group, regardless of the membership type. When an attribute of a user or device changes, all dynamic group rules in the organization are processed for potential membership changes. Users who are added then also receive the welcome notification. You can turn off this behavior in Exchange PowerShell.

Add or remove members and owners

Members and owners can be added to and removed from existing Azure AD groups. The process is the same for members and owners. You'll need the Groups Administrator or User Administrator role to add and remove members and owners.

Need to add multiple members at one time? Learn about the add members in bulk option.

Add members or owners of a group:

  1. Sign in to the Azure portal.

  2. Go to Azure Active Directory > Groups.

  3. Select the group you need to manage.

  4. Select either Members or Owners.

  5. Select + Add (members or owners).

  6. Scroll through the list or enter a name in the search box. You can choose multiple names at one time. When you're ready, select the Select button.

    The Group Overview page updates to show the number of members who are now added to the group.

Remove members or owners of a group:

  1. Go to Azure Active Directory > Groups.

  2. Select the group you need to manage.

  3. Select either Members or Owners.

  4. Check the box next to a name from the list and select the Remove button.

Edit group settings

Using Azure AD, you can edit a group's name, description, or membership type. You'll need the Groups Administrator or User Administrator role to edit a group's settings.

To edit your group settings:

  1. Sign in to the Azure portal.

  2. Go to Azure Active Directory > Groups. The Groups - All groups page appears, showing all of your active groups.

  3. Scroll through the list or enter a group name in the search box. Select the group you need to manage.

  4. Select Properties from the side menu.

  5. Update the General settings information as needed, including:

    • Group name. Edit the existing group name.

    • Group description. Edit the existing group description.

    • Group type. You can't change the type of group after it's been created. To change the Group type, you must delete the group and create a new one.

    • Membership type. Change the membership type. If you enabled the "Azure AD roles can be assigned to the group" option, you can't change the membership type. For more info about the available membership types, see the learn about groups and membership types article.

    • Object ID. You can't change the Object ID, but you can copy it to use in your PowerShell commands for the group. For more info about using PowerShell cmdlets, see Azure Active Directory cmdlets for configuring group settings.

Add or remove a group from another group

You can add an existing Security group to another Security group (also known as nested groups). Depending on the group types, you can add a group as a member of another group, just like a user, which applies settings like roles and access to the nested groups. You'll need the Groups Administrator or User Administrator role to edit group membership.

We currently don't support:

  • Adding groups to a group synced with on-premises Active Directory.
  • Adding Security groups to Microsoft 365 groups.
  • Adding Microsoft 365 groups to Security groups or other Microsoft 365 groups.
  • Assigning apps to nested groups.
  • Applying licenses to nested groups.
  • Adding distribution groups in nesting scenarios.
  • Adding security groups as members of mail-enabled security groups.
  • Adding groups as members of a role-assignable group.

Add a group to another group

  1. Sign in to the Azure portal.

  2. Go to Azure Active Directory > Groups.

  3. On the Groups - All groups page, search for and select the group you want to become a member of another group.

    Note

    You can add your group as a member to only one other group at a time. Wildcard characters aren't supported in the Select Group search box.

  4. On the group Overview page, select Group memberships from the side menu.

  5. Select + Add memberships.

  6. Locate the group you want your group to be a member of and choose Select.

    For this exercise, we're adding "MDM policy - West" to the "MDM policy - All org" group. The "MDM policy - West" group will have the same access as the "MDM policy - All org" group.

Now you can review the "MDM policy - West - Group memberships" page to see the group and member relationship.

For a more detailed view of the group and member relationship, select the parent group name (MDM policy - All org) and take a look at the "MDM policy - West" page details.

Remove a group from another group

You can remove an existing Security group from another Security group; however, removing the group also removes any inherited access for its members.

  1. On the Groups - All groups page, search for and select the group you need to remove as a member of another group.

  2. On the group Overview page, select Group memberships.

  3. Select the parent group from the Group memberships page.

  4. Select Remove.

    For this exercise, we're now going to remove "MDM policy - West" from the "MDM policy - All org" group.
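
The nesting rules and inherited access described in the two procedures above can be checked before a change is made. The following is an added example, not Microsoft's code: it models groups in memory (no Azure AD calls), rejects the membership combinations the article lists as unsupported, and computes who holds a parent group's access through nesting. All class, function, and user names are hypothetical, and only the two "MDM policy" group names come from the article.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    kind: str  # "security", "m365", "distribution" or "mail_security"
    synced_on_prem: bool = False
    role_assignable: bool = False
    users: set = field(default_factory=set)
    nested: set = field(default_factory=set)  # names of member groups

def nesting_blocker(parent, child):
    """Reason the article lists this nesting as unsupported, else None."""
    if parent.synced_on_prem:
        return "parent is synced with on-premises Active Directory"
    if parent.role_assignable:
        return "groups cannot be members of a role-assignable group"
    if "distribution" in (parent.kind, child.kind):
        return "distribution groups are not supported in nesting"
    if child.kind == "m365":
        return "Microsoft 365 groups cannot be added to other groups"
    if parent.kind == "m365":
        return "Security groups cannot be added to Microsoft 365 groups"
    if parent.kind == "mail_security" and child.kind == "security":
        return "security groups cannot join mail-enabled security groups"
    return None

def add_nested(directory, parent, child):
    reason = nesting_blocker(directory[parent], directory[child])
    if reason:
        raise ValueError(f"unsupported nesting: {reason}")
    directory[parent].nested.add(child)

def effective_users(directory, name, seen=None):
    """Users who hold this group's access directly or through nested groups."""
    seen = set() if seen is None else seen
    if name in seen:  # already expanded; also stops circular nesting
        return set()
    seen.add(name)
    users = set(directory[name].users)
    for child in directory[name].nested:
        users |= effective_users(directory, child, seen)
    return users

# Constructed sample directory (users and the last two groups are made up).
def sample_directory():
    groups = [
        Group("MDM policy - All org", "security", users={"alice"}),
        Group("MDM policy - West", "security", users={"bob", "carol"}),
        Group("Project team", "m365", users={"dave"}),
        Group("Helpdesk admins", "security", role_assignable=True),
    ]
    return {g.name: g for g in groups}
```

Comparing `effective_users` for the parent group before and after a nesting change shows exactly which users gain or lose inherited access.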

Delete a group

You can delete an Azure AD group for any number of reasons, but typically it will be because you:

  • Chose the incorrect Group type option.

  • Created a duplicate group by mistake.

  • No longer need the group.

To delete a group, you'll need the Groups Administrator or User Administrator role.

  1. Sign in to the Azure portal.

  2. Go to Azure Active Directory > Groups.

  3. Search for and select the group you want to delete.

  4. Select Delete.

    The group is deleted from your Azure Active Directory tenant.

Next steps

  • Learn about groups and assigning access rights to groups

  • Manage groups using PowerShell commands

  • Manage dynamic rules for users in a group

  • Scenarios, limitations, and known issues using groups to manage licensing in Azure Active Directory

  • Associate or add an Azure subscription to Azure Active Directory

Article information

Author: Rubie Ullrich

Last Updated: 20/05/2023
