SOLVED

How can regular users add members to a security group if they are the owner

Brass Contributor

In O365-Admin Center I can create security groups, that are available in the cloud (I am not talking about O365 groups)

Its possible to define a list of owners and members.

If I put a user as the owner, that is not allowed to enter the Admin-center, how can those users change the group memberships (ie add other people to the group).


We are managing different apps through security groups and we as IT do not want to give permissions to those apps. So we would like to enable some normal users to do so.

We also want to enable some managers to edit site collection wide permissions - and this cannot be done with O365 groups or SharePoint groups. 

 

How is this possible?

10 Replies
best response confirmed by David_Elsner (Brass Contributor)
Solution
This is all about Azure AD functionality, the owners can go to https:\\myapps.microsoft.com to manage their groups.
You may also want to take a close look at Azure AD Entitlement Management, https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview and Access reviews https://docs.microsoft.com/en-us/azure/active-directory/governance/perform-access-review and Group Self Service management https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-self-service-manag...
They can technically edit via outlook as well if they are owners if the security groups are mail Enabled and you have group write back turned on but Deans method is much cleaner and probably supported longer.

@Dean_Grosshope all is well your way.  Which way is best if you want a SG member to be able to add other members.  If I make the user an owner, then they can add other owners.  Even if just for that one SG but still would like to configure the simplest way to allow a SG member to add other member but not other owners.  Thanks!

@Dean_Gross what do I look for in myapps.microsoft.com to edit a security group if I am the owner? Do I search for the group name?

@Andrew_H205 I found my way to this thread when I had the same question.

Since it was never answered, from within My Apps, you can hit a drop drown next to "My Apps" in the top left and select "My Groups"

From there it's pretty straight forward to find the groups you (as a user) are an owner to then make additions and removals.

There might be a more direct way to reach this page but this is good enough.

And as others have mentioned maybe making a mail enabled or M365 group for the same purpose as the security group might be a better experience for the end user (Owner) as they don't have to leave outlook.

Excellent thank you!
I completely missed that option until I read your post.

You can also just navigate to https://myaccount.microsoft.com/groups 
instead of going to the apps page and then navigating to the Groups page.

Thank you @Dean_Gross, the Myapps route works very well, except I need the functionality for mail-enabled security groups, and that does not work :sad:! They show up as groups without an owner (even though I and another person are owners), and are generally not possible to change. They are listed as "Exchange managed" or similar ("Exchange-hanterad" in Swedish).

Any other solution for mail-enabled security groups?

Sorry, but Self-service group management features are not available for mail-enabled security groups or distribution lists., see https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-self-service-manage...
1 best response

Accepted Solutions
best response confirmed by David_Elsner (Brass Contributor)
Solution
This is all about Azure AD functionality, the owners can go to https:\\myapps.microsoft.com to manage their groups.
You may also want to take a close look at Azure AD Entitlement Management, https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview and Access reviews https://docs.microsoft.com/en-us/azure/active-directory/governance/perform-access-review and Group Self Service management https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-self-service-manag...

View solution in original post