Microsoft Entra ID Security Groups Management

As we all know, Microsoft renamed Azure Active Directory (AAD) to Microsoft Entra ID back in November 2023. The reason for this move is explained in detail in this Microsoft doc. This is just a product name change and all of the existing features and capabilities are still available in the Microsoft Entra ID.

This blog will have a quick walkthrough of the Microsoft Entra ID security group and team members’ management.

Managing team from Microsoft Entra ID admin center

You can navigate to Power Platform Admin Center and under Admin centers > “Microsoft Entra ID” will be available as one of the options.

On being clicked> It will redirect you to the Microsoft Entra URL Page. From within the sitemap, you can navigate to Identity > under it expand Users entity > Select All Users and that will display all the users as shown below

Microsoft Entra ID Security Groups Management

Managing from Azure Portal

The other way is to log to the Azure Portal > Under All services > select “Microsoft Entra ID” as shown below:

Microsoft Entra ID Security Groups Management

NOTE: The Azure AD product icon is replaced with the Microsoft Entra ID product icon as highlighted above.

Now let’s create a team in CRM with the type “Microsoft Entra ID Security Group” and manage the members in it. If you don’t know how to create teams in CRM then you need to refer to our previous blog wherein we have explained how to create a team of type “AAD Security Group” which is now renamed as “Microsoft Entra ID Security Group”.

When you try to create a team from Power Platform Admin Center > Select the appropriate Environment > Settings > Teams > Click on Create team > Quick create form will open as below.

You will observe that under Team Type these new renamed options are displayed. “Microsoft Entra ID Security Group” formerly called “AAD Security Group” and “Microsoft Entra ID Office Group” formerly called “AAD Office Group”.

Microsoft Entra ID Security Groups Management

When you select Team Types its relevant fields will be visible, as in this scenario when Team Type is selected as “Microsoft Entra ID Security Group” the below fields become visible on the form:

Group Name
Membership Type

Microsoft Entra ID Security Groups Management

Group Name– When you start typing the group name here, it helps you to select the group from existing groups that are created already in the Microsoft Entra admin center. For this demonstration select the “Sales Team” group as below:

Microsoft Entra ID Security Groups Management

Before starting to enter the text, make sure groups are pre-created in the Microsoft Entra admin center. As you can see “Sales Team” was already created as a security group in the Microsoft Entra admin center below:

Microsoft Entra ID Security Groups Management

Membership Type– which is defaulted to “Members and guests”, If you want you can change it to Members, Owners, or Guests as per need.

When you open the Team in CRM, you will find the “Azure AD Object Id for a group” gets auto-populated matching with the Group Object ID created in the Microsoft Entra Admin center.

Screen clip of “Sales Team” in CRM

Microsoft Entra ID Security Groups Management

NOTE: it is observed that in CRM when the “Entra Security Group” type team is created its associated queue is not created, and hence “Default Queue” is not granted for this type of team which does happen when you create Owner type team.

Screen clip of “Sales Team” in Microsoft Entra admin center

From within the sitemap, you can navigate to Identity > under it expand Groups entity > Select All groups, and open the appropriate team as shown below:

Microsoft Entra ID Security Groups Management

After creating the team, you can add members and select corresponding security roles.

NOTE: When you add members to Team from the Microsoft Entra admin center that doesn’t reflect in the CRM team instantly until that user first time accesses the environment.

Microsoft Entra ID Security Groups Management

As you can see from the Microsoft Entra admin center the above group has 2 team members but not all users are synced instantly to the corresponding Team created in CRM. Hence if you go and check the team members list in the CRM team it may show you a discrepancy in count as shown below only 1 member is shown below:

Microsoft Entra ID Security Groups Management

The simple reason for not displaying another member (Mike in our scenario) is it displays the list of users who have accessed the environment and as Mike hasn’t accessed the environment yet, Once he accesses the environment it will get instantly added in the team, and will inherit the security roles as well in run time.

NOTE: As per Microsoft the team member list in CRM doesn’t show all the group members of the Microsoft Entra group. The group member is added to or removed from the CRM group team only when a Microsoft Entra group member accesses the environment next time. You can refer Note section of this Microsoft doc for more details.

Conclusion

From within the Microsoft Entra Admin Center you can manage Groups, Group Members, Group Licensing, and Group Security quickly and easily.

Microsoft Power Platform

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *