Based on the information given, it seems that you are having trouble with creating groups in the security portal, even though you have an Azure AD Premium P2 license, are a global administrator, and have been assigned the Security Administrator role.
To enable permissions for group creation in the security portal, you need to do the following:
- Sign in to the Azure portal with an account that has been assigned the Global Administrator or Groups Administrator role for the directory.
- Browse to Azure Active Directory > Groups, and then select General settings.
- Set "Users can create security groups in Azure portals, API or PowerShell" to "Yes".
Note that you should have already created the new security group and added a user to it. Only then will you be able to grant permission to the security group and select the Azure AD roles that you want to assign to the security group.
If this solution does not work, it is possible that you are encountering an issue where you can't see the list of users or groups when adding permissions in Access Control (IAM) in the Azure portal. This could occur because the account that you used to sign in to the Azure portal does not have enumeration permission. It may be a guest user who has been invited to the directory that you are trying to give access to other Azure resources. Even if this guest user is a global administrator, they still will not have enumeration permission. To solve this, you can either allow all guest users enumeration privileges or allow it only for specific users.
Ultimately, if you are still having trouble enabling permissions for group creation in the security portal, you can contact Microsoft support for additional assistance.
References:
- Set up self-service group management in Azure Active Directory: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-self-service-management#make-a-group-available-for-user-self-service
- Grant granular permissions to security groups: https://learn.microsoft.com/en-us/partner-center/gdap-assign-azure-ad-roles#prerequisites
- Can't see list of users or groups when adding permissions in Access Control in the Azure portal: https://learn.microsoft.com/en-us/troubleshoot/azure/general/cannot-see-users-groups-list-iam
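
An added example, not part of the answer above: a Python check that reads a tenant's Microsoft Graph `authorizationPolicy` object (returned by `GET /policies/authorizationPolicy`) and reports the two conditions the answer describes, the security-group creation setting and the guest enumeration level. The function name `diagnose`, the finding strings and the sample policy are constructed for illustration; the field names and `guestUserRoleId` values are those documented for that Graph resource.

```python
import json

# guestUserRoleId values documented for the Graph authorizationPolicy resource.
GUEST_ROLE_LEVELS = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "same-as-member",  # can enumerate users/groups
    "10dae51f-b6af-4016-8d66-8c2a99b929b3": "limited",         # default guest access
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "restricted",      # own object only
}


def diagnose(policy: dict, user_type: str) -> list[str]:
    """Return findings (hypothetical labels) for the two causes in the answer.

    policy    -- parsed authorizationPolicy JSON
    user_type -- userType of the signed-in account: "Member" or "Guest"
    """
    findings = []

    # Portal setting: "Users can create security groups in Azure portals,
    # API or PowerShell". A missing key is treated as "not enabled".
    perms = policy.get("defaultUserRolePermissions") or {}
    if perms.get("allowedToCreateSecurityGroups") is not True:
        findings.append("security-group-creation-disabled")

    # Guest accounts list users and groups in Access Control (IAM) only when
    # the tenant grants guests the same access as members.
    if user_type.lower() == "guest":
        role_id = str(policy.get("guestUserRoleId", "")).lower()
        level = GUEST_ROLE_LEVELS.get(role_id, "unknown")
        if level != "same-as-member":
            findings.append(f"guest-enumeration-blocked:{level}")

    return findings


# Constructed sample response (not taken from a real tenant).
SAMPLE_POLICY = json.loads("""
{
  "id": "authorizationPolicy",
  "guestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3",
  "defaultUserRolePermissions": {
    "allowedToCreateApps": true,
    "allowedToCreateSecurityGroups": false
  }
}
""")

if __name__ == "__main__":
    for kind in ("Member", "Guest"):
        print(kind, diagnose(SAMPLE_POLICY, kind))
```

An empty list means neither condition applies to the account type checked.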