Managing groups – Azure

In Azure AD, groups are meant to act as simple containers for multiple identities so that you can easily assign them to resources instead of giving access to individual objects in your tenant. Once a group has been created, you often want to decide which services it should have access to and what permissions should be assigned to it. In this section, we will cover the process of managing them by giving a group a role assignment.

To get ready, you will need a group that you can manage. If you do not have one, please go back to the Creating groups section and set one up.

Now, we will take a look at how to manage groups. Follow these steps: 

  1. When you click on your group, you will gain access to all its settings and configuration details:

Figure 4.23 – Group overview

From this screen, you will be able to perform the following activities:

    • Change the group name, its description, or its membership type by using the Properties button
    • Manage members
    • Manage owners (if you create an Office 365 group and assign it an expiration time, an owner will be notified before a group is expired)
    • Assign a group to other groups
    • Check which applications, licenses, and Azure resources a group is assigned to
  1. Since this is a newly created group, we do not have any assignments. To assign a group to a resource, you will have to go to it and access its Access control (IAM) blade.
I am assuming that you already have a resource that you want to change. If you do not have one, please create one before continuing. If you do not know how to create a resource, go back to Chapter 2, Managing Azure Resources, and Chapter 3, Configuring and Managing Virtual Networks, where we created various services such as Azure Storage and Azure Virtual Network.

All Azure resources have the aforementioned blade displayed right after the overview section. In the following screenshot, you can see it in the Azure Storage resource:

Figure 4.24 – Access control (IAM) blade
  1. To assign a group to it, you will have to click on the + Add button and select the Add role assignment option:

Figure 4.25 – Add role assignment option
  1. In the displayed form, you can select a role and the assignment target. Since we want to assign a role to a group, the value of the Assign access to field should be set to Azure AD user, group, or service principal:

Figure 4.26 – Searching for a group and role selection
  1. You will have to find a group you are searching for and click on it to see it as a Selected member:

Figure 4.27 – Members selected for role assignment
  1. Once you are ready, you can click on the Save button and wait a moment until the assignment is created.

Congratulations  your group is now assigned to a resource and can perform the activities allowed by its role permissions!

Groups are quite simple to manage as they have limited possibilities when it comes to giving them identity. However, since they act as containers, they simplify access management. By assigning a group to a resource with a specific role, all the members of a group are given immediate access to it based on the role’s permissions. This means that you can control access to a specific service in Azure with a certain level of granularity using groups.

Remember that, in many ways, groups behave like a simple identity. This means that you can assign them the very same set of roles as you would do for a user and you do not need any special functionality to do so.

In this section, you learned how to manage a group in an Azure AD tenant. The important thing here is to remember the value that groups bring to your directory – you can be more productive and manage access with ease (as you do not have to track all the users assigned to resources).

In fact, using groups is the only way to ensure that you have things under control – when you have hundreds or thousands of users inside your directory, managing all of them individually would be really tiresome.

In the next section, we will cover roles in Azure Active Directory. This will help you understand how to configure access properly.

Related Articles

How to add swap space on Ubuntu 21.04 Operating System

How to add swap space on Ubuntu 21.04 Operating System

The swap space is a unique space on the disk that is used by the system when Physical RAM is full. When a Linux machine runout the RAM it use swap space to move inactive pages from RAM. Swap space can be created into Linux system in two ways, one we can create a...

read more

Lorem ipsum dolor sit amet consectetur


Submit a Comment

Your email address will not be published. Required fields are marked *

five × one =