I don't have permissions enabled for group creation in the security portal

Andres Jauregui 0 Reputation points


I have an Azure AD Premium P2 license, am a global administrator, and am assigned the Security Administrator role. At the time of entering to create groups of devices in the security portal I do not have the permissions, I have tried to review different methods and I can not get these permissions to appear, I appreciate your help.

  • As it should beCaptura de pantalla 2023-07-28 104519

-How is he

Captura de pantalla 2023-07-28 104623

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,579 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Q&A Assist
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Based on the information given, it seems that you are having trouble with creating groups in the security portal, even though you have an Azure AD Premium P2 license, are a global administrator, and have been assigned the Security Administrator role.

    To enable permissions for group creation in the security portal, you need to do the following:

    1. Sign in to the Azure portal with an account that has been assigned the Global Administrator or Groups Administrator role for the directory.
    2. Browse to Azure Active Directory > Groups, and then select General settings.
    3. Set the "Users can create security groups in Azure portals, API or PowerShell" to "Yes".

    Note that you should have already created the new security group and added a user to it. Only then you would be able to grant permission to the security group and select the Azure AD roles that you want to assign to the security group.

    If this solution does not work, it is possible that you are encountering an issue where you can't see the list of users or groups when adding permissions in Access Control (IAM) in the Azure portal. This could occur because the account that you used to sign in to the Azure portal does not have enumeration permission. It may be a guest user who has been invited to the directory that you are trying to give access to other Azure resources. Even if this guest user is a global administrator, they still will not have enumeration permission. To solve this, you can either allow all guest users enumeration privileges or allow it only for specific users.

    Ultimately, if you are still having trouble enabling permissions for group creation in the security portal, you can contact Microsoft support for additional assistance.


    0 comments No comments