Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Entra ID Group - Ability to restrict group owners from adding any user accounts
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 54%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Niggie Anwar (IT Services)
0
Reputation points
We have created some groups and given owner access to a few nominated users so they have the ability to add/remove members of those groups.
Whilst we have advised that only accounts with say for example have -cloud in their names can be added they can still add any type of account or any username that exists in our Entra ID.
I have explored dynamic group, however it does not satisfy our needs as once a user attribute is assigned it automatically adds them to that group. There isn't the ability to add manually users in a dynamic group.
Is there anything in the pipeline to allow restriction on groups if they are not dynamic or update dynamic with ability to add users manually?
a. by type per group
b. Ability to restrict by using regular expression (regex) per group, this would help us to restrict part name of accounts that can be added to a particular group.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT 35,771 Reputation points Microsoft Employee Moderator2023-12-20T10:22:12.8733333+00:00 @Niggie Anwar (IT Services) Thank you for reaching out to us, let me research on your ask and revert back.
-
Givary-MSFT 35,771 Reputation points Microsoft Employee Moderator
2023-12-22T03:23:46.6966667+00:00 @Niggie Anwar (IT Services) As I understand you wanted to have a group, where -cloud in their names can be added to the group, lets connect offline to get understanding of your scenario and see how best i can help on achieving this ask
Please send me an email to 'AzCommunity@microsoft.com' with Sub - Attn: Givary and following details in the email body:
Link to this thread/post
We can connect offline and discuss further on this.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 51%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN1%3C/text%3E%3C/svg%3E)
NiggieAnwarAdminAccount-1459 0 Reputation points2024-01-03T13:37:28.32+00:00 @Givary-MSFT when I send an email to the above address, I get a bounce back "The group mtmvp only accepts messages from people in its organization or on its allowed senders list, and your email address isn't on the list."
Sign in to comment
Sign in to answer