![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 64%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Hello Givary-PCS-Test
Greetings! Thanks for raising this question in Q&A forum.
It looks like your question mentions being unable to create a group in Microsoft Entra ID as part of a test case for identity. While the details in your post are brief, this is a common issue that usually comes down to one of a few things — insufficient permissions, tenant-level group creation restrictions, or a licensing requirement. Let me walk you through all the likely causes and fixes.
Step 1: Check Your Role and Permissions
The most common reason for being unable to create a group in Entra ID is not having the right role. To create groups, your account needs at least one of these roles assigned Groups Administrator, User Administrator, or Global Administrator. Go to the Microsoft Entra admin center at https://entra.microsoft.com, navigate to Identity → Users, find your account, click on Assigned roles, and verify that one of these roles is assigned. If not, ask your Global Administrator to assign the appropriate role.
Step 2: Check if Group Creation is Restricted in Your Tenant
Microsoft Entra ID allows tenant administrators to restrict group creation so that only specific users or admins can create groups. If this restriction is in place, regular users (even those with some roles) won't be able to create groups. To check this, go to Microsoft Entra admin center → Identity → Groups → General settings. Look for the setting "Restrict users from creating security groups in Azure portals, API or PowerShell" and "Restrict users from creating Microsoft 365 groups". If these are set to Yes, only admins can create groups, and you'll need your admin to either create the group for you or grant you the necessary role.
Step 3: Check What Type of Group You Are Trying to Create
In Entra ID there are two main group types Security groups and Microsoft 365 groups. Make sure the group type you are trying to create is supported for your scenario. If you are creating a Microsoft 365 group, also ensure that your account has the appropriate licence (Microsoft 365 groups require a valid Microsoft 365 or Entra ID P1/P2 licence in some tenant configurations).
Step 4: Try Creating the Group via PowerShell or Microsoft Graph
If the portal is showing an error, try creating the group using Microsoft Graph or PowerShell to get a more specific error message. In PowerShell, after connecting to Microsoft Graph (Connect-MgGraph), run:
New-MgGroup -DisplayName "TestGroup" -MailEnabled:$false -SecurityEnabled:$true -MailNickname "TestGroup"
Any error returned here will be much more descriptive than the portal and will help pinpoint the exact cause.
Step 5: Check the Entra ID Audit Logs for the Exact Error
Go to Microsoft Entra admin center → Identity → Monitoring & health → Audit logs. Filter by Activity: Create group and your username. The audit log entry for the failed attempt will show the exact reason the operation was denied, such as "Insufficient privileges" or "Policy restriction".
Step 6: Provide More Details for Further Help
If none of the above resolves your issue, please share a bit more detail in the comments — such as the exact error message you are seeing, whether you are trying via the portal or an API/script, and your assigned role in the tenant. That will help give you a more targeted answer.
If this answer helps you kindly accept the answer which will help others who have similar questions.
Best Regards,
Jerald Felix.