Forum Discussion
Entra ID Group Writeback Option Missing from Portal Web Interface
Yesterday in the middle of the day, the group writeback option for Azure AD (Entra ID) security groups and M365 groups was removed from the properties section for each group. (It's normally below the "Microsoft Entra roles can be assigned to the group" y/n). This is regardless of whether you utilize portal.azure.com or entra.microsoft.com.
I had connected to the portal earlier in the day and saw it, then re-authed later in the day and it was gone for all groups. This was verified by a co-worker.
You can still see the writeback option via the group 'list' by adding the writeback column (i.e. Home -> Groups -> All Groups -> Manage View -> Edit Columns), but I'm curious if this was an intended change? I've heard that group writeback support might be going away from Entra ID Connect in favor of Entra Cloud Sync, but that shouldn't affect the actual group attribute for the writeback status within the Azure portal.
When searching, I haven't found anything mentioning the change so I was curious if anyone knew something that I couldn't find.
Thanks.
Hi, Joe.
If this was related to the v2 preview via AAD Connect, then its discontinuation was announced earlier this year:
- What’s new in Microsoft Entra – June 2024 - Microsoft Community Hub;
- Group writeback portal operations (preview) in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn (noting the blue information box).
While it's not specifically called out (as you've already noted), if you consider that they did fiddle with attributes between v1 and v2 (also mentioned in the second article above) then it's not inconceivable they're doing so again with the decommissioning of v2.
Cheers,
Lain
- Thank you.
While I understand that they are moving the functionality to cloud sync, I would think that v1 or v2 shouldn't matter in regards to the admin portal display as it was directly related to AAD (EntraID) Connect? i.e. if I have writeback flagged for X group within the portal it gets written back, even if I'm leveraging Cloud sync. Essentially it's just interpreting the flag from the 'writeback' attribute on the group object itself. Or am I interpreting that incorrectly? I very well could be wrong and this 'is' something related to that switchover as you said.
Your link has a nice screenshot of the option I'm referring to here:
https://learn.microsoft.com/en-us/entra/identity/users/groups-write-back-portal#writeback-settings-in-group-properties
In the meantime I'll look at deploying Cloud Sync. We were hesitant initially due to the overly permissive permission requirements on the service account(s) which I believe has since been rectified.
Thanks again.I get the feeling that configuration will only be available through the Cloud Sync UI, not the AAD portal group properties as it exists (existed?) today.
Given they deliberately put in the disclaimer that the v2 preview may disappear without notice (second article; blue information box), this wouldn't be a surprising outcome.
Cheers,
Lain
