Azure AD Custom Role to Only Restore Groups

Mario A. Hernandez 171 Reputation points
2021-08-06T17:29:40.67+00:00

Hello, I need a little help. I am trying to create a custom role in Azure AD to allow restoration of groups and that's it. There is a Group Administrator built-in role with that option, but it gives too much power. When I create a new custom role from scratch, it does not give me the option to restore a group. I can only see options to create, delete, modify but not restore. Any ideas?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2021-08-11T20:08:33.253+00:00

    @Mario A. Hernandez
    Thank you for your post!

    Based off our Restore a deleted Microsoft 365 group in Azure Active Directory documentation, the only options to restore a deleted group would be through the Azure Portal, AzureAD Admin Center, or PowerShell. From my testing, it doesn't look like the role permission of microsoft.directory/groups/restore is available to be assigned to custom roles. If you'd like this permission to be added to the permissions list, I'd recommend leveraging our User Voice forum so our engineering team can look into implementing this.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

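To judge how much extra access comes with the restore permission named in the accepted answer, the following added example (not from the original thread or from Microsoft) scans role definitions in the Microsoft Graph `unifiedRoleDefinition` JSON shape and lists the roles that carry `microsoft.directory/groups/restore`, narrowest first. The role names and action lists in the sample are constructed for illustration and do not describe real built-in roles.

```python
import json

TARGET_ACTION = "microsoft.directory/groups/restore"  # permission named in the answer

# Constructed sample in the shape of Graph unifiedRoleDefinition objects.
# Role names and action lists are illustrative, not real tenant data.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Example Broad Group Role", "isBuiltIn": true,
   "rolePermissions": [{"allowedResourceActions": [
     "microsoft.directory/groups/create", "microsoft.directory/groups/delete",
     "microsoft.directory/groups/restore", "microsoft.directory/groups/basic/update",
     "microsoft.directory/groups/members/update"]}]},
  {"displayName": "Example Custom Group Editor", "isBuiltIn": false,
   "rolePermissions": [{"allowedResourceActions": [
     "microsoft.directory/groups/basic/update"]}]},
  {"displayName": "Example Narrow Recovery Role", "isBuiltIn": true,
   "rolePermissions": [{"allowedResourceActions": [
     "microsoft.directory/groups/delete", "microsoft.directory/groups/restore"]}]},
  {"displayName": "Example Empty Role", "isBuiltIn": false}
]}
""")


def allowed_actions(role):
    """Flatten every allowedResourceActions list of one role into a set."""
    actions = set()
    for perm in role.get("rolePermissions") or []:
        for action in perm.get("allowedResourceActions") or []:
            actions.add(action.strip())
    return actions


def roles_granting(export, target=TARGET_ACTION):
    """Return roles that carry `target`, narrowest first, with what else they grant."""
    hits = []
    for role in export.get("value", []):
        actions = allowed_actions(role)
        if target in actions:
            hits.append({"role": role.get("displayName", "<unnamed>"),
                         "built_in": bool(role.get("isBuiltIn")),
                         "extra_actions": sorted(actions - {target})})
    return sorted(hits, key=lambda h: (len(h["extra_actions"]), h["role"]))


if __name__ == "__main__":
    for hit in roles_granting(SAMPLE_EXPORT):
        print(f'{hit["role"]}: built_in={hit["built_in"]}, '
              f'{len(hit["extra_actions"])} extra action(s): {hit["extra_actions"]}')
```

Run against a real export of the tenant's role definitions, the `extra_actions` column shows what else an assignee receives along with group restore, which is the basis for scoping or time-limiting the assignment.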

1 additional answer

  1. FJcmdk4488 56 Reputation points
    2021-08-10T23:32:10.797+00:00

    Can you provide some more detail on what you are trying to do with this role? Do you need to restore a group that this role does not own?

    I believe you must have one of the following roles to restore and permanently delete users.

    Global administrator

    Partner Tier1 Support

    Partner Tier2 Support

    User administrator
