Self-service group management is a feature of Azure Active Directory (Azure AD) that allows users to create and manage groups within your organization’s directory. This can be a useful way to delegate group management tasks and reduce the workload of your IT team. In this article, we’ll take a look at how to set up self-service group management in Azure AD.
Step 1: Enable self-service group management
To enable self-service group management, follow these steps:
- Sign in to the Azure portal.
- Navigate to the Azure AD blade.
- In the left menu, click “Groups.”
- Click the “Settings” tab.
- Under “Group management,” toggle the switch to “On.”
- Click “Save.”
Step 2: Set group owner permissions
Once you’ve enabled self-service group management, you’ll need to specify which users or groups have the ability to create and manage groups. To do this, follow these steps:
- In the Azure portal, navigate to the Azure AD blade.
- Click on the group you want to set permissions for.
- Click the “Owners” tab.
- Click the “Add owner” button.
- Select the user or group you want to grant ownership to and click “Select.”
- Click “Assign.”
Step 3: Set group member permissions
In addition to setting group owner permissions, you can also specify which users or groups have the ability to join groups. To do this, follow these steps:
- In the Azure portal, navigate to the Azure AD blade.
- Click on the group you want to set permissions for.
- Click the “Members” tab.
- Click the “Add member” button.
- Select the user or group you want to grant membership to and click “Select.”
- Click “Assign.”
Step 4: Set group expiration settings (optional)
If you want to set expiration settings for your groups, you can do so by following these steps:
- In the Azure portal, navigate to the Azure AD blade.
- Click on the group you want to set expiration settings for.
- Click the “Settings” tab.
- Under “Group expiration,” toggle the switch to “On.”
- Specify the number of days until the group expires and click “Save.”
With self-service group management enabled, users in your organization will be able to create and manage their own groups within the Azure AD directory. This can be a useful way to delegate group management tasks and reduce the workload of your IT team.
Interested in know how Azure AD groups work? Follow the embedded link.