How to Create a Group in Azure?

The Azure Active Directory (Azure AD) portal can be used to create a simple group. A basic group is created by the resource owner (administration) and includes specific members (workers) who require access to that resource for the purposes of this article. For more difficult cases, such as dynamic memberships and rule creation. So, let us have a look at how to create group in Azure.

Group and Membership Types in Azure

There are various types of groups and memberships. To assist you to determine which options to use when creating a group, the following information explains each group and membership category and why they are utilized.

Group Types in Azure

There are various types of groups and memberships. To assist you to determine which options to use when creating a group, the following information explains each group and membership category and why they are utilized.

1. Security

For a group of users, it’s used to manage member and computer access to shared resources. You can build a security group for a certain security policy, for example.

Instead of having to add permissions to each member separately, you can do it this way and grant a set of permissions to all of them at once.
Users, devices, groups, and service principals can all be members of a security group, and users and service principals can also be owners.

2. Microsoft 365

Members have access to a shared inbox, calendar, files, SharePoint site, and more, allowing them to collaborate. This option also allows you to grant access to the group to persons outside of your company. Only users can be members of a Microsoft 365 group. A Microsoft 365 group can be owned by both users and service principals.

Membership Types in Azure

1. Assigned

Allows you to add certain people as members of this group, each with their own set of permissions. This is the option we’re going to use for this article.

2. Dynamic User

Allows you to add and delete members using dynamic membership rules. When a member’s attributes change, the system checks your directory’s dynamic group rules to see if the member fits the rule criteria (is added) or no longer meets the rule requirements (is removed) (is removed).

3. Dynamic Device

Allows you to use dynamic group rules to add and remove devices automatically. When the properties of a device change, the system checks your dynamic group rules for the directory to determine if the device meets (or no longer fulfills) the rule requirements (is removed).

4. Azure AD Security Groups

Security Groups in Azure AD are similar to Security Groups in on-premises Windows Active Directory. They’re Security Principals, therefore they can be used to safeguard Azure AD objects. They can be built directly in Azure AD or synchronized with Azure AD Connect from Windows AD. Their membership can be static or dynamically formed using rules.

Who has access to Azure Active Directory Security Groups?

Azure AD Security Groups can be managed by multiple groups of people. The group cannot be controlled in Azure AD if it is synced from on-premises Windows AD.

They must be controlled on-premises with Active Directory Users and Computers and other technologies. With Azure AD Connect, any changes made there will be synced to Azure AD. Synced Security Groups in the Azure AD Portal will have a Source of “Windows server AD.”

Cloud-only Azure AD Security Groups can be administered by users with the necessary admin roles in the tenant. Global Administrator, Directory Writers, Groups Administrator, Privileged Role Administrator, SharePoint Administrator, and User Administrator are just a few examples.

How do they deal with Azure Active Directory Security Groups?

There are many approaches to managing Azure APIs because they are well-documented and well-designed. The Azure Portal is the most frequent UI for managing them.

Users with the proper roles can create, modify, view, and delete Azure AD Security Groups using the Azure Portal, which is fully featured. With the Azure AD Module, PowerShell can also administer Azure AD Security Groups. This module requires a Windows PowerShell 5.x host because it does not operate with.Net Core.

What is the purpose of Azure AD Security Groups?

In Microsoft 365, Azure AD Security Groups are rarely used. They can be used to assign licenses to users depending on their membership in a certain group.

This could be part of an onboarding process to automate a user’s Microsoft 365 licensing. SharePoint Groups can be added to Azure AD Security Groups to allow access to SharePoint resources.

The disadvantage of this strategy is that SharePoint Site Owners and Administrators may not be aware of who is a member of that Azure AD Security Group, and so may be unaware of who can access their SharePoint Site.

What are Microsoft 365 Groups, and what do they do?

Microsoft 365 Groups are a Microsoft 365 membership object that makes it easier to ensure that a group of users has consistent rights to a set of linked resources.

They’re also known as Microsoft 365 Groups or Unified Groups. Depending on where the Microsoft 365 Group is created, the group of linked resources changes slightly.

A Microsoft 365 Group will be formed in the background if a user establishes a Groups connected Team site in SharePoint.
Microsoft 365 will also generate a shared mailbox and calendar in Outlook, a Planner Plan, and a Power BI Workspace in addition to the SharePoint site.

Any user who has access to one of those resources will also have access to the rest of the Microsoft 365 Group’s resources.

When a team is created in Teams, it becomes a member of a newly created Microsoft 365 Group, and all other resources for that Group are generated as well.

Owner and Member are the two roles in Microsoft 365 Groups. Owners have control over the Group’s settings and membership. Members can delete their accounts, add members to a Public Group, and invite Guest users. Notably, there is no method to provide a user read-only access to resources in Microsoft 365 Groups.

Who has the authority to manage Microsoft 365 Groups?

Any tenant user can create a Microsoft 365 Group by creating a new resource in a Group supported app by default.
Tenant Administrators can control who has access to create Microsoft 365 Groups. Group Owners have control over the membership and settings of their groups.

Users with the necessary administrative privileges at the tenant level can also create and manage Groups, even if they are not members.

If the Privacy level of a Group is set to Public, any user in the tenant can join it.

What are the methods for managing Microsoft 365 Groups?

Owners of Groups can control membership in any of the Group-supported apps.

They can, for example, add a Group member from the SharePoint site, Outlook, Outlook Online, the Teams app, and so on.

Any changes made to the Group in one app are reflected in all of the Group-supported apps. Because the management experience varies by app, an Owner may need to use a specific app for a given task. To alter a Group’s Privacy policy, for example, you must utilize Outlook or Outlook online.

In SharePoint, you can’t change that setting. Microsoft 365 Groups can also be created using the Azure Portal or PowerShell by users with the proper administrative roles.

From the same interfaces, they can also control Group membership and settings.

What is the purpose of Microsoft 365 Groups?

Microsoft has stated that Microsoft 365 Groups are the future of Microsoft 365 resource permissions.

They enable Microsoft 365 users to use the whole array of Microsoft 365 applications with very little administrative effort. This provides Group owners with a single pane of glass through which to view their group’s activities.

The group’s files are stored in SharePoint, real-time communication takes place in Teams, and email discussions take place in Exchange, but everything is secured and managed as a Microsoft 365 Group.

What are SharePoint Groups in Azure?

These are the same SharePoint Groups that we are familiar with from our on-premise SharePoint server. They are a group of SharePoint users who have been given the same set of permissions.

A SharePoint Group created in one site collection does not exist in any other site collections since they are scoped at the SharePoint site collection level.

Under the hood, modern SharePoint sites are actually site collections.

Who has access to SharePoint Groups?

SharePoint Groups can be managed by anyone on the SharePoint site who has the “Create Groups” and “Manage Permissions” permissions.

Having higher roles in Azure AD does not allow someone to manage SharePoint Groups because this is not an Azure AD entity. A person with the SharePoint admin Role can give oneself Administrator capabilities on a SharePoint site and then manage the SharePoint Groups on that site.

What method do the administrators use to manage SharePoint Groups?

The “Site Permissions” and “Advanced Site Permissions” application pages (/ layouts/15/user.aspx) are where SharePoint groups are largely maintained via the SharePoint interface.

PowerShell modules for Microsoft SharePoint Online and PnP PowerShell can also be used to manage them.

What is the purpose of Azure SharePoint Groups?

Permissions were applied to groups of users using SharePoint Groups in both on-premise SharePoint Server and older versions of SharePoint Online.

Individual Permissions such as “Create Groups” and “Add Items” are included in Permission Levels like “Full Control” and “Read” in SharePoint.

A SharePoint group is given one or more Permission Levels when it is created. Users who are assigned to that SharePoint Group have the permissions specified in the SharePoint Group’s Permission Levels.

Members, Owners, and Visitors are the three default groups in SharePoint. Site owners have the option of using such SharePoint Groups or creating their own.

Microsoft 365 Groups should be used to manage SharePoint permissions. When feasible, avoid using native SharePoint permissions.

If a SharePoint site isn’t already part of a group, it can be Groupified afterwards, although this should be done carefully.

By their very nature, communications sites are primarily read-only, and they do not support Microsoft 365 Groups.

How to Create a Group in Azure

Follow the below steps to create a group in Azure:

1: Log in to the Azure portal with the directory’s Global administrator account.

2: Look for Azure Active Directory and choose it.

3: Select Groups from the left panel.

4: And then click on the “New group” from the Active Directory page.

5: Select Security from the Group type drop-down menu.

6: Enter a name for the group in the Group name area.

7: Enter a brief but meaningful description for the group in the Group description area (Optional Step).

8: For the Membership type field, there are two options: Assigned or Dynamic.

9: Hit the create button.

10: To add users to a group, open it, go to Members, and then Add Members.

11: From the Group page, go to the Members section, and then go to the Select Members page to start looking for members to add to your group. Then click on the Select button.

12: The number of members who have been added to the group is updated on the Group Overview page.

Features of Creating a Group in Azure

1. Grouping the subscriptions

Manage your Azure subscriptions more easily by grouping them together and performing bulk operations.

2. Mirroring organization’s structure

To properly manage your subscriptions and resources, create a hierarchy of Azure management groups appropriate to your organization.
Applying policies or access control to any service

Apply governance conditions like policies, access controls, or full-fledged blueprints to any Azure service with our full platform integration.

Turn off group welcome email in Azure

When a new Microsoft 365 group is created, whether with dynamic or static membership, all users who are joined to the group receive a welcome notification.

All dynamic group rules in the organization are analyzed for potential membership changes when any properties of a user or device change.
Users who are added receive a welcome notification as well. In Exchange PowerShell, you may disable this behavior.

Conclusion

Thus, we have reached the last section of the article. And, today we learnt about groups in Azure. Along with that, we saw the process of creating groups and their features. We hope you enjoyed this article.