Azure Active Directory (AAD) groups are useful in many places for authentication and authorization in Azure PaaS applications. Currently there are two types of AAD group:
- Security (group)
Used to manage member and computer access to shared resources for a group of users. Its members can be users, groups, devices or service principals. Its owner can only be a service principal.
- Microsoft 365 (group)
Used to give members access to a shared mailbox, files, calendar and more. Only users can be members; the owner can be either a user or a service principal.
Let's see how to create an AAD group (in this example, a Microsoft 365 group).
Step 1
Login to your Azure portal (https://portal.azure.com/)
=> Go to the Azure Active Directory
=> Click on Groups
Step 2
On the Groups page, click on New group.
Step 3
Fill in the required entries in the new group form:
- Select the group type
- Enter the group name
- Enter the description
- Click on the Create button
Step 4
Once the group has been created, you can see it under AAD => Groups.
Step 5
Newly created AAD Group overview.
Step 6
Let's look at its member list; a newly created group has no members in its member list.
Step 7
Add a member to the group's member list:
- Click on Members
- Click on Add members
- On the right-hand side, search for the user in the search box
- Here I've selected "Test User"
- Similarly, you can select multiple users, and they will be added under the "Selected" list below
- Once done, click on "Select"
Step 8
And here the member has been added.
With this, an AAD group has been created with one member. By default, the owner is the person who created the group.
We can use this AAD group in multiple places, such as file, calendar and mailbox access, and even for Azure SQL access.
The good part is that as soon as we add a member to the AAD group, and the group is used for Azure SQL login, that user is immediately able to access Azure SQL.
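As an added example (not code from the original post), the same procedure as Steps 1 to 8 can be driven from PowerShell with the Az module, followed by the Azure SQL side mentioned above: mapping the group to a contained database user and granting it a least-privilege role. The group name, member UPN, SQL server and database names are placeholders; the account running the SQL part is assumed to be the server's AAD admin (or another AAD principal with ALTER ANY USER), since CREATE USER ... FROM EXTERNAL PROVIDER must be run by an AAD principal.

```powershell
# Added example, not from the original post. Requires Az.Accounts, Az.Resources
# (Install-Module Az) and the SqlServer module (Install-Module SqlServer) for Invoke-Sqlcmd.
# All names below are placeholders.

Connect-AzAccount   # interactive sign-in; the account needs rights to create groups in the tenant

$groupName   = 'AzureSqlReaders'          # placeholder display name for the new group
$memberUpn   = 'test.user@contoso.com'    # placeholder, stands in for "Test User" in Step 7
$sqlServer   = 'myserver.database.windows.net'   # placeholder Azure SQL logical server
$sqlDatabase = 'mydb'                            # placeholder database

# Steps 2-3: create a Security group if it does not already exist.
# MailNickname is mandatory for New-AzADGroup even for security groups.
$group = Get-AzADGroup -DisplayName $groupName
if (-not $group) {
    $group = New-AzADGroup -DisplayName $groupName `
                           -MailNickname $groupName `
                           -Description 'Read-only access to Azure SQL via AAD group'
}

# Step 7: add the member, skipping if already present (compares object Ids).
$user = Get-AzADUser -UserPrincipalName $memberUpn
if (-not $user) { throw "User $memberUpn not found in the tenant" }

$alreadyMember = Get-AzADGroupMember -GroupObjectId $group.Id |
                 Where-Object { $_.Id -eq $user.Id }
if (-not $alreadyMember) {
    Add-AzADGroupMember -TargetGroupObjectId $group.Id -MemberObjectId $user.Id
}

# Azure SQL side: create a contained user for the group and grant the least role
# that fits the use case (db_datareader here, not db_owner). Access is granted to
# whoever is in the group at login time, which is the point made in the post.
# Note: depending on the Az.Accounts version, Get-AzAccessToken may return the token
# as a SecureString; convert it to plain text in that case before passing it on.
$token = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net/').Token

$sql = @"
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$groupName')
    CREATE USER [$groupName] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [$groupName];
"@

Invoke-Sqlcmd -ServerInstance $sqlServer -Database $sqlDatabase -AccessToken $token -Query $sql
```

Two practical caveats: group membership is evaluated when a new connection is authenticated, so removing a user from the group stops new logins but does not terminate sessions that are already open; and because a single group grants access to everyone in it, the group's owners effectively control database access, so owner changes and membership changes on this group are worth auditing in the AAD audit logs.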
In a future post, we'll see how to add a user to this AAD Group programmatically.