Managing Entra ID Groups
As an assistant administrator, you can use DRA to manage Entra ID Groups when Microsoft Entra ID is configured by the DRA Administrator. Entra ID Groups enable you to give specific permissions to a defined set of user accounts. Entra ID Groups let you control which data and resources a user account can access in any tenant.
Execute a search operation to locate and select the required Azure group object. After you select one or more objects in the list, the taskbar becomes active with options to delete objects, add objects to groups, remove objects from groups, add groups to other groups, remove groups from existing groups, and modify group properties. Click the options to display their functions.
Supported Members: Azure group members can be Azure users, Entra ID Groups, Entra ID Contacts, synced users, synced contacts, and synced groups.
The following Azure group types are supported:
- Distribution List
- Mail-enabled Security
- Office 365
- Security
- Add accounts to Entra ID Groups
You can add user accounts, contacts, and groups, both on-premises and Azure, to an Azure managed group.
This task adds multiple accounts to a selected group. You can add a single account to a group by selecting the appropriate account. If adding an account to another group increases your powers for the account, DRA does not permit you to add the account.
- Nest groups in Azure
You can nest groups by adding other groups (both on-premises and Azure) to a managed Azure group. When a group is nested in an Azure group, the child group inherits permissions from the parent group.
If adding a domain or Azure group to another Azure group increases your powers for the source group, DRA does not permit you to add the group.
- Create an Azure group
You can create an Azure group in Microsoft Entra ID. You can also modify properties, such as adding Azure group members to the new group.
If an owner is not specified, by default DRA provides an Azure tenant access account as the owner.
- Modify Azure group properties
The powers you have determine which properties you can modify for a group in Microsoft Entra ID. If the Exchange Policy is enabled, you can manage Exchange properties for mail-enabled Entra ID Groups such as Office 365 groups, mail-enabled security groups, and distribution lists. Depending on the group type, you can manage email addresses for the group, specify who can send email to the group, specify users who can send emails on behalf of the group, set email approval options, and so on.
DRA enables you to export the Members and Member Of results as a CSV file. Navigate to the Members or the Member Of tab and click the Download icon. Unsaved changes are not exported. Ensure you save any recent changes so they are available in the exported file.
- Configure Azure group ownership
You can set the ownership of any group. You can grant the group ownership permission to a user account or group. Granting group ownership allows the specified user account or group to manage the group, including its membership.
- Delete an Azure group
You can delete Entra ID Groups from Microsoft Entra ID, but they cannot be restored from DRA.
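The inheritance described under "Nest groups in Azure", as an added example that is not DRA code: it expands nested membership over constructed sample data to show what access a proposed nesting would pass down to the child group's members before the change is made. The group names, grant labels, and function names are assumptions made for illustration.

```python
# Constructed sample data (not from DRA or any real tenant).
# MEMBER_OF[x] = groups that x is a direct member of.
MEMBER_OF = {
    "alice": {"HelpDesk"},
    "bob": {"Contractors"},
    "HelpDesk": {"IT-Staff"},
    "IT-Staff": {"HelpDesk"},   # accidental nesting cycle; must not loop forever
    "Contractors": set(),
    "Finance-Admins": {"Tenant-Admins"},
}
# Access granted directly to each group (hypothetical labels).
GRANTS = {
    "HelpDesk": {"reset-passwords"},
    "IT-Staff": {"vpn"},
    "Finance-Admins": {"payroll-share"},
    "Tenant-Admins": {"manage-tenant"},
}

def transitive_groups(principal, member_of):
    """All groups the principal belongs to, directly or through nesting."""
    seen, stack = set(), list(member_of.get(principal, ()))
    while stack:
        group = stack.pop()
        if group in seen:       # already visited, which also breaks cycles
            continue
        seen.add(group)
        stack.extend(member_of.get(group, ()))
    return seen

def effective_access(principal, member_of, grants):
    """Union of the principal's own grants and those of every group it reaches."""
    access = set(grants.get(principal, ()))
    for group in transitive_groups(principal, member_of):
        access |= grants.get(group, set())
    return access

def nesting_delta(child, parent, member_of, grants):
    """Access the members of `child` would gain if `child` were nested in `parent`."""
    before = effective_access(child, member_of, grants)
    trial = {name: set(groups) for name, groups in member_of.items()}
    trial.setdefault(child, set()).add(parent)
    return effective_access(child, trial, grants) - before

if __name__ == "__main__":
    print("alice:", sorted(effective_access("alice", MEMBER_OF, GRANTS)))
    print("Contractors -> Finance-Admins adds:",
          sorted(nesting_delta("Contractors", "Finance-Admins", MEMBER_OF, GRANTS)))
```

A non-empty delta is the set of permissions to review before nesting; here nesting one group also pulls in access from the parent's own parent.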