As an Assistant Administrator, you can use DRA to manage Azure groups when Azure Active Directory is configured by the DRA Administrator. Azure groups enable you to give specific permissions to a defined set of user accounts. Azure groups let you control which data and resources a user account can access in any tenant.
This section guides you through administering Azure groups in the Web Console. With the appropriate powers, you can perform various Azure group tasks.
NOTE:Supported Members; Azure group members can be Azure users, Azure groups, synced users, and synced groups.
You can add user accounts (both on-premises and Azure) to an Azure managed group.
This task adds multiple accounts to a selected group. You can add a single account to a group by selecting the appropriate account.If adding an account to another group increases your powers for the account, DRA does not permit you to add the account.
You can nest groups by adding other groups (both on-premises and Azure) to a managed Azure group. When a group is nested in an Azure group, the child group inherits permissions from the parent group.
If adding a domain or Azure group to another Azure group increases your powers for the source group, DRA does not permit you to add the group.
You can create an Azure group in Azure Active Directory. You can also modify properties, such as adding Azure group members to the new group.
If an owner is not specified, by default DRA provides the Azure tenant access account as the owner.
The powers you have determine which properties you can modify for a group in the Azure Active Directory.
Exporting results: DRA enables you to export the Members and Member Of results as a CSV file. To export the Members or Member Of results from the Web Console, go to Management > Search and click Properties. Navigate to the Members or the Member Of tab and click the Download icon.
NOTE:The unsaved changes are not exported. Ensure you save any recent changes so they are available in the exported file.
You can set the ownership of any groups. You can grant the group ownership permission to a user account or group. Granting group ownership allows the specified user account or group to manage the group including membership.
You can delete Azure groups from Azure Active Directory, but they cannot be restored from DRA.