Previously one could add members to mail-enabled security groups via Graph API. But turns out that was a bug, and it was fixed some weeks ago removing this functionality. Would it be possible to allo...
I have a different use case, but I suspect it is caused by the same limitation.
I need a group to override the default outbound Anti-spam policy in the Defender portal.
The group need an approval flow to join it. First the manager, and next a specific person or group.
It would be obvious to do this with an Access Package.
But no:
- Apparently this has to be a "distribution group or mail-enabled security group", which lives in Exchange.
- These group types cannot be managed from Entra ID through the Graph API
And possibly for that reason, you cannot use an Access Package to control membership.
Maybe an M365 group can, but brings a lot of things I have no need or wish for. It cannot be hidden etc.
Strangely I can use a synched onprem group. Maybe we should do the flow in ServiceNow.
Or use two groups, one in Entra ID and one in Exchange. Unfortunately it seems Exchange dynamic group memberships cannot be based on other group memberships, so I guess I will have to schedule my own script or something....