Forum Discussion
Entra ID Group Writeback Option Missing from Portal Web Interface
Yesterday in the middle of the day, the group writeback option for Azure AD (Entra ID) security groups and M365 groups was removed from the properties section for each group. (It's normally below the "Microsoft Entra roles can be assigned to the group" y/n). This is regardless of whether you utilize portal.azure.com or entra.microsoft.com.
I had connected to the portal earlier in the day and saw it, then re-authed later in the day and it was gone for all groups. This was verified by a co-worker.
You can still see the writeback option via the group 'list' by adding the writeback column (i.e. Home -> Groups -> All Groups -> Manage View -> Edit Columns), but I'm curious if this was an intended change? I've heard that group writeback support might be going away from Entra ID Connect in favor of Entra Cloud Sync, but that shouldn't affect the actual group attribute for the writeback status within the Azure portal.
When searching, I haven't found anything mentioning the change so I was curious if anyone knew something that I couldn't find.
Thanks.
6 Replies
LainRobertson I do get that V2 is deprecated, but V1 stopped working for my customers as well. It should work according to all articles.
There's nothing I can add to that. As you say, V1 is still supposed to work, though it's important to note that it only works for Microsoft 365 (aka "unified") groups. Non-unified groups are out of scope.
If it was working for specific Microsoft 365 groups and has recently stopped, you may have to reach out directly to Microsoft via your support channel to get an answer on why it's not working for you now.
You could - and should - also check your Entra Connect instance(s) to see if there's any errors contained in the run history that might offer an explanation. This also includes in Event Viewer under the Application log, which can contain additional errors not found in the main miisclient.exe application (as is the case for the password writeback service).
Cheers,
Lain
I tought as much, so back to the former colleges I must go, thank you!
Hi, Joe.
If this was related to the v2 preview via AAD Connect, then its discontinuation was announced earlier this year:
- What’s new in Microsoft Entra – June 2024 - Microsoft Community Hub;
- Group writeback portal operations (preview) in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn (noting the blue information box).
While it's not specifically called out (as you've already noted), if you consider that they did fiddle with attributes between v1 and v2 (also mentioned in the second article above) then it's not inconceivable they're doing so again with the decommissioning of v2.
Cheers,
Lain
- Thank you.
While I understand that they are moving the functionality to cloud sync, I would think that v1 or v2 shouldn't matter in regards to the admin portal display as it was directly related to AAD (EntraID) Connect? i.e. if I have writeback flagged for X group within the portal it gets written back, even if I'm leveraging Cloud sync. Essentially it's just interpreting the flag from the 'writeback' attribute on the group object itself. Or am I interpreting that incorrectly? I very well could be wrong and this 'is' something related to that switchover as you said.
Your link has a nice screenshot of the option I'm referring to here:
https://learn.microsoft.com/en-us/entra/identity/users/groups-write-back-portal#writeback-settings-in-group-properties
In the meantime I'll look at deploying Cloud Sync. We were hesitant initially due to the overly permissive permission requirements on the service account(s) which I believe has since been rectified.
Thanks again.I get the feeling that configuration will only be available through the Cloud Sync UI, not the AAD portal group properties as it exists (existed?) today.
Given they deliberately put in the disclaimer that the v2 preview may disappear without notice (second article; blue information box), this wouldn't be a surprising outcome.
Cheers,
Lain
