Azure roles for Group administration

Copper Contributor

I can't add members and owners to existing Azure groups, Add owner/members is greyed out.
I have the "Group Administrator" and "User Administrator" roles assigned.

There are no problems with groups that I have created myself.

Any clues is appreciated :)

 

10 Replies

what is your current permission in Azure AD ? are you a global admin ?

I have a bounce of permission but not the global administrator.
Guess that the "Group Administrator" should be sufficient.
It's the cloud security groups I can't add members/owners to.
Works fine for our global admins, but that's what we would expect ;)

@Johol62 did you review the group settings in your tenant ? are those groups with a specific owner ?

 

eliekarkafy_0-1688552213810.png

 

It's both groups with and without a owner, except for where I'm specific added as a group owner.
did you try to manage those group from the O365 admin portal and not from Azure AD ?

Hi @Johol62,

you need to have a "Group Owner" (least privilege) and additional "User Administrator" role to be able to manage group membership.

LeonPavesic_0-1688552242335.png

Least privileged roles by task - Microsoft Entra | Microsoft Learn

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

Kindest regards

Leon Pavesic

@LeonPavesic So if there is no group owner in the first place, who do I assign one?
One of my collegues which is not Global admin, he can do it right now, so now we are going through all the roles he has to figure out whats makes the difference for him.

Azure AD

@Johol62 

How's your IAM, under AAD or on-prem?

AAD