As an assistant administrator, you can use DRA to manage Azure groups when Azure Active Directory is configured by the DRA Administrator. Azure groups enable you to give specific permissions to a defined set of user accounts. Azure groups let you control which data and resources a user account can access in any tenant.
Execute a search operation to locate and select the required Azure group object. After you select one or more objects in the list, the taskbar becomes active with options to delete objects, add objects to groups, remove objects from groups, add groups to other groups, remove groups from existing groups, and modify group properties. Click the options to display their functions.
NOTE:Supported Members: Azure group members can be Azure users, Azure groups, Azure contacts, synced users, synced contacts, and synced groups.
The following Azure group types are supported:
Distribution List
Mail-enabled Security
Office 365
Security
You can add user accounts, contacts, and groups both on-premises and Azure to an Azure managed group.
This task adds multiple accounts to a selected group. You can add a single account to a group by selecting the appropriate account.If adding an account to another group increases your powers for the account, DRA does not permit you to add the account.
You can nest groups by adding other groups (both on-premises and Azure) to a managed Azure group. When a group is nested in an Azure group, the child group inherits permissions from the parent group.
If adding a domain or Azure group to another Azure group increases your powers for the source group, DRA does not permit you to add the group.
You can create an Azure group in Azure Active Directory. You can also modify properties, such as adding Azure group members to the new group.
If an owner is not specified, by default DRA provides an Azure tenant access account as the owner.
The powers you have determine which properties you can modify for a group in Azure Active Directory. If the Exchange Policy is enabled, you can manage Exchange properties for mail-enabled Azure groups such as Office 365 group, mail-enabled security group, and distribution list. Depending on the group type, you can manage email addresses for the group, specify who can send email to the group, specify users who can send emails on behalf of the group, set email approval options, and so on.
NOTE:DRA enables you to export the Members and Member Of results as a CSV file. Navigate to the Members or the Member Of tab and click the Download icon. The unsaved changes are not exported. Ensure you save any recent changes so they are available in the exported file.
You can set the ownership of any groups. You can grant the group ownership permission to a user account or group. Granting group ownership allows the specified user account or group to manage the group including membership.
You can delete Azure groups from Azure Active Directory, but they cannot be restored from DRA.