How to add new field to request member to input in Microsoft Azure Group

Question

Hi,

I have situation like this:

I have a group of users, with owners and members. The owners can actually add new members (by typing new members' emails) to the group, to see different reports.

However, for the new members, we only want them to see their own data (row-leve-security), restricted by the SupplierCode.

So I have 2 questions:

1. How can we create a column called "SupplierCode" here, as you can see in the picture? (not only Name, Type, Email, User Type, but also a column called SupplierCode)
2. How can we create a form something to make new members, if they want to join the group, they need to also fill the suppliercode as well, so I can have info to restrict their emails only see their infos, not others info

Microsoft Azure Sales Support can contact me directly, because we are using the Enterprise package of Azure services.

Answer 1

You will need to use Azure AD B2C custom attributes or Azure AD extension attributes.

1. Create a Custom Attribute (Extension Attribute)
   • Navigate to the Azure portal.
   • Go to Azure Active Directory > App registrations.
   • Select your application (or register a new one if you don't have one).
   • Go to the Manifest section.
   • Add the new attribute under the extensionAttributes section. It might look like this:

     
          "extension_abc123_SupplierCode": {
     
              "type": "String",
     
              "multiValued": false
     
          }
     
     

2. Update Users with the New Attribute
   • You can update user attributes through Azure AD PowerShell or Microsoft Graph API.
   • Example using Microsoft Graph API:

          
          PATCH https://graph.microsoft.com/v1.0/users/{user-id}
          
          Content-Type: application/json
          
          {
          
          "extension_abc123_SupplierCode": "your_supplier_code"
          
          }
          
     

You will need to create a custom form for collecting new member information, including the SupplierCode. This can be done through various methods, such as using Microsoft Forms, PowerApps, or a custom web form hosted on Azure.

1. Using Microsoft Forms or PowerApps
   • Create a form with fields for Name, Email, and SupplierCode.
   • Share the form link with users who want to join the group.
2. Processing Form Submissions
   • When a user submits the form, you can use Power Automate (formerly Microsoft Flow) to trigger a workflow.
   • The workflow can include:
     • Creating or updating the user in Azure AD.
     • Assigning the user to the specific group.
     • Adding the SupplierCode to the user’s profile.

Step 3: Implement Row-Level Security (RLS)

To ensure that new members only see their own data, you will need to implement row-level security in your reporting tool (e.g., Power BI).

1. Set Up Row-Level Security in Power BI
   • Go to the Power BI service or Power BI Desktop.
   • Define roles and rules for your data model to restrict data based on the SupplierCode attribute.
   • Example DAX expression for RLS:

     
          [SupplierCode] = USERPRINCIPALNAME()
     
     

2. Assign Users to Roles
   • After defining the roles in Power BI, assign the users to these roles based on their SupplierCode.

Summary

By following these steps, you can:

1. Create a custom attribute (SupplierCode) in Azure AD.
2. Create a form to collect new member details, including the SupplierCode.
3. Use Power Automate to handle form submissions, update Azure AD, and assign users to groups.
4. Implement row-level security in your reporting tool to ensure data visibility is restricted based on the SupplierCode.

For detailed assistance and support, consider reaching out to Microsoft Azure Sales Support as well.