Unable to create groups from Active Directory with "Azure AD roles can be assigned" switched on?

Simon Hughes 111 Reputation points


Just goofing around, so there's probably a simple explanation, but I've just noticed that while logged into my own portal as global admin, I've gone into "Azure Active Directory -> Groups -> New" Group. Membership type is greyed out, but there is no switch option for "Azure AD roles can be assigned". Note that after creating a group I can view properties and see this switch, though disabled, and the switch can only be enabled during group creation.

Please advise if you spot something (obvious) I've overlooked, or is it not currently possible to create user-groups to manage user permissions efficiently in this manner?

I'll probably wind up kicking myself for missing something obvious, but we all have bad days :)

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,767 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Simon Hughes 111 Reputation points

    Doh - small oversight. Using personal / free acct, so comes with the free active directory. Needs a P1 (premium) AD license for that feature. I'll leave the post here anyhow in case anyone else comes across the issue and forgets the obvious :D

    2 people found this answer helpful.
    0 comments No comments