Ganesh Chauhan, Technical Support Specialist, Microsoft Azure.
It is simpler to manage permissions when users are organized into Azure Active Directory (Azure AD) groups. Instead of granting access rights to each member individually, the resource owner (or the owner of the Azure AD directory) can grant a single set of access rights to the entire group. Groups let us define a security boundary and then add or remove individual users to quickly grant or restrict access. Even better, Azure AD can define membership based on rules, such as the division a user belongs to or the title they hold in their current position.
You can define two different types of groups in Azure AD.
- Security groups: the most common kind of group, used to control member and computer access to shared resources for a group of users. For instance, you may create a security group for a particular security policy. That way, rather than adding permissions to each member separately, you can grant a set of permissions to all the members at once. This option requires an Azure AD administrator.
- Microsoft 365 groups: offer members access to a shared inbox, calendar, files, SharePoint site, and other resources to foster collaboration. You can also use this option to give individuals outside of your company access to the group. Both admins and users can use this option. Microsoft 365 groups are commonly referred to as distribution groups.
View available groups
You can view all groups by selecting the Groups item under the Manage group in the Azure AD dashboard. A new Azure AD install won’t have any groups defined.
The Membership Type is the second aspect of a group that you should be aware of. It describes how members are added to the group. The two types are:
- Assigned – members are added and maintained manually.
- Dynamic – members are added based on rules, creating a Dynamic Group. These groups are still either a security group or a Microsoft 365 group; only their membership is controlled by rules.
The last sort of group is a dynamic group, whose membership, as its name suggests, is determined by a formula each time the group is used. Any recipient in Active Directory with attribute values that fit its filter is included in a dynamic distribution group. If a recipient’s attributes are altered so that they fit the filter, the recipient could unintentionally join the group and begin receiving messages sent to the group. Well-defined, consistent account provisioning processes will lessen the odds of this issue occurring.
This dynamic group would consist of all valid members of the Azure AD.
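To make the risk of unintended membership concrete, the following added example (not from the original article, and not Azure AD's own rule engine) models a small subset of dynamic membership rule syntax in Python and reports which accounts would join or leave a group between two attribute snapshots. The supported operators, the case-insensitive comparison, and all user names and attribute values are constructed assumptions.

```python
import re

# Simplified model: clauses of the form (user.<attr> -op "value") joined by -and.
# Assumption: illustration only, not Azure AD's rule engine; comparisons ignore case.
CLAUSE = re.compile(r'\(\s*user\.(\w+)\s+-(eq|ne|startsWith|contains)\s+"([^"]*)"\s*\)')
OPS = {
    "eq": lambda a, b: a == b,
    "ne": lambda a, b: a != b,
    "startswith": lambda a, b: a.startswith(b),
    "contains": lambda a, b: b in a,
}

def parse_rule(rule):
    """Return a list of (attribute, operator, value) clauses."""
    clauses = CLAUSE.findall(rule)
    # Reject anything this simplified grammar does not cover (e.g. -or, -match).
    leftover = CLAUSE.sub("", rule).replace("-and", "").strip()
    if not clauses or leftover:
        raise ValueError(f"unsupported rule syntax: {rule!r}")
    return clauses

def matches(user, clauses):
    """True when every clause holds for the user's attributes."""
    return all(
        OPS[op.lower()](str(user.get(attr) or "").lower(), value.lower())
        for attr, op, value in clauses
    )

def membership_drift(rule, before, after):
    """Compare two attribute snapshots keyed by UPN; report who joins or leaves."""
    clauses = parse_rule(rule)
    old = {upn for upn, u in before.items() if matches(u, clauses)}
    new = {upn for upn, u in after.items() if matches(u, clauses)}
    return {"joined": sorted(new - old), "left": sorted(old - new)}

# Constructed sample data: directory attributes before and after a provisioning update.
RULE = '(user.department -eq "Finance") -and (user.jobTitle -contains "Analyst")'
BEFORE = {
    "alice@contoso.example": {"department": "Finance", "jobTitle": "Senior Analyst"},
    "bob@contoso.example": {"department": "IT", "jobTitle": "Systems Analyst"},
    "carol@contoso.example": {"department": "Finance", "jobTitle": "Analyst"},
}
AFTER = {
    "alice@contoso.example": {"department": "Finance", "jobTitle": "Senior Analyst"},
    "bob@contoso.example": {"department": "finance", "jobTitle": "Systems Analyst"},
    "carol@contoso.example": {"department": "Finance", "jobTitle": "Controller"},
}
print(membership_drift(RULE, BEFORE, AFTER))
```

Running a comparison like this before a bulk attribute update lets the provisioning team review the accounts that would enter or leave a rule-based group before the change takes effect.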
For more information, contact Professional Labs, the Best Cloud Managed Services Provider Qatar