Azure AD Group Management Restrictions

Danny Kitchen 41 Reputation points
2023-01-19T15:06:24.11+00:00

Has anyone found a way to restrict access to an azure AD group

Background - On Prem with AAD Sync

Creating an Azure Group for security purposes, but a requirement to control who can manage adding/removing users to the group.

Is this possible to restrict a group management permissions to say another group

Equivalent of ACL on prem AD

Many thanks in advance

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,672 questions
{count} votes

Accepted answer
  1. Vasil Michev 90,966 Reputation points MVP
    2023-01-19T15:22:18.2633333+00:00

    Security groups by default can only be managed by admins. For other group types, you have the relevant controls to prevent creation and membership changes.

    If you want to further restrict admin access, consider using Administrative units, and take a look at the role-assignable groups functionality.

    You can add more details on the planned use cases and group type needed, if the above does not suit your needs.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Danny Kitchen 41 Reputation points
    2023-01-20T07:59:45.2666667+00:00

    Thankyou for this
    Believe that is what i am after

    0 comments No comments