SOLVED

How can regular users add members to a security group if they are the owner

%3CLINGO-SUB%20id%3D%22lingo-sub-968429%22%20slang%3D%22en-US%22%3EHow%20can%20regular%20users%20add%20members%20to%20a%20security%20group%20if%20they%20are%20the%20owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-968429%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20O365-Admin%20Center%20I%20can%20create%20%3CSTRONG%3Esecurity%20groups%3C%2FSTRONG%3E%2C%20that%20are%20available%20in%20the%20cloud%20(I%20am%20%3CSTRONG%3E%3CEM%3Enot%3C%2FEM%3E%20%3C%2FSTRONG%3Etalking%20about%20O365%20groups)%3C%2FP%3E%3CP%3EIts%20possible%20to%20define%20a%20list%20of%20owners%20and%20members.%3C%2FP%3E%3CP%3EIf%20I%20put%20a%20user%20as%20the%20owner%2C%20that%20is%20%3CEM%3Enot%3C%2FEM%3E%20allowed%20to%20enter%20the%20Admin-center%2C%20how%20can%20those%20users%20change%20the%20group%20memberships%20(ie%20add%20other%20people%20to%20the%20group).%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EWe%20are%20managing%20different%20apps%20through%20security%20groups%20and%20we%20as%20IT%20do%20not%20want%20to%20give%20permissions%20to%20those%20apps.%20So%20we%20would%20like%20to%20enable%20some%20normal%20users%20to%20do%20so.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20is%20this%20possible%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-968429%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAAD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Active%20Direcrtory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EO365%20Group%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-968486%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20regular%20users%20add%20members%20to%20a%20security%20group%20if%20they%20are%20the%20owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-968486%22%20slang%3D%22en-US%22%3EThis%20is%20all%20about%20Azure%20AD%20functionality%2C%20the%20owners%20can%20go%20to%20https%3A%5C%5Cmyapps.microsoft.com%20to%20manage%20their%20groups.%3CBR%20%2F%3EYou%20may%20also%20want%20to%20take%20a%20close%20look%20at%20Azure%20AD%20Entitlement%20Management%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fgovernance%2Fentitlement-management-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fgovernance%2Fentitlement-management-overview%3C%2FA%3E%20and%20Access%20reviews%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fgovernance%2Fperform-access-review%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fgovernance%2Fperform-access-review%3C%2FA%3E%20and%20Group%20Self%20Service%20management%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-self-service-management%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-self-service-management%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-970248%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20regular%20users%20add%20members%20to%20a%20security%20group%20if%20they%20are%20the%20owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-970248%22%20slang%3D%22en-US%22%3EThey%20can%20technically%20edit%20via%20outlook%20as%20well%20if%20they%20are%20owners%20if%20the%20security%20groups%20are%20mail%20Enabled%20and%20you%20have%20group%20write%20back%20turned%20on%20but%20Deans%20method%20is%20much%20cleaner%20and%20probably%20supported%20longer.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-987475%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20regular%20users%20add%20members%20to%20a%20security%20group%20if%20they%20are%20the%20owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-987475%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3E%26nbsp%3BPerfect!%20Thanks.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1345028%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20regular%20users%20add%20members%20to%20a%20security%20group%20if%20they%20are%20the%20owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1345028%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3Ehope%20all%20is%20well%20your%20way.%26nbsp%3B%20Which%20way%20is%20best%20if%20you%20want%20a%20SG%20member%20to%20be%20able%20to%20add%20other%20members.%26nbsp%3B%20If%20I%20make%20the%20user%20an%20owner%2C%20then%20they%20can%20add%20other%20owners.%26nbsp%3B%20Even%20if%20just%20for%20that%20one%20SG%20but%20still%20would%20like%20to%20configure%20the%20simplest%20way%20to%20allow%20a%20SG%20member%20to%20add%20other%20member%20but%20not%20other%20owners.%26nbsp%3B%20Thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

In O365-Admin Center I can create security groups, that are available in the cloud (I am not talking about O365 groups)

Its possible to define a list of owners and members.

If I put a user as the owner, that is not allowed to enter the Admin-center, how can those users change the group memberships (ie add other people to the group).


We are managing different apps through security groups and we as IT do not want to give permissions to those apps. So we would like to enable some normal users to do so.

We also want to enable some managers to edit site collection wide permissions - and this cannot be done with O365 groups or SharePoint groups. 

 

How is this possible?

4 Replies
Highlighted
Solution
This is all about Azure AD functionality, the owners can go to https:\\myapps.microsoft.com to manage their groups.
You may also want to take a close look at Azure AD Entitlement Management, https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview and Access reviews https://docs.microsoft.com/en-us/azure/active-directory/governance/perform-access-review and Group Self Service management https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-self-service-manag...
Highlighted
They can technically edit via outlook as well if they are owners if the security groups are mail Enabled and you have group write back turned on but Deans method is much cleaner and probably supported longer.
Highlighted
Highlighted

@Dean Grosshope all is well your way.  Which way is best if you want a SG member to be able to add other members.  If I make the user an owner, then they can add other owners.  Even if just for that one SG but still would like to configure the simplest way to allow a SG member to add other member but not other owners.  Thanks!