Task: Create and Manage Groups

Video: Manage Groups

Estimated time: 10 minutes

Goal

The goal of this task is to create and manage Azure AD security groups. This includes creating both assigned and dynamic groups, managing group membership, and nesting groups.

Pre-requisites

  1. A non-production Azure subscription
  2. Access to a non-production Premium P2 tier Azure AD tenant
  3. Three sample users (see pre-requisite setup)

Requirements

  1. Requirement 1: Create groups
  2. Requirement 2: Create dynamic groups
  3. Requirement 3: Manage groups

Pre-requisite setup

This task requires three users that are created in another task. If you did not complete the task in which the bulk1, bulk2, and bulk3 users are created, then create three users with the following settings:

| Setting | Value |
| --- | --- |
| Name | Bulk user 1 |
| User name | bulk1@<your tenant name>.onmicrosoft.com |
| Initial password | <a strong password> |
| Block sign in | No |
| Department | Operations |
| Usage location | United States |

| Setting | Value |
| --- | --- |
| Name | Bulk user 2 |
| User name | bulk2@<your tenant name>.onmicrosoft.com |
| Initial password | <a strong password> |
| Block sign in | No |
| Department | Sales |
| Usage location | United States |

| Setting | Value |
| --- | --- |
| Name | Bulk user 3 |
| User name | bulk3@<your tenant name>.onmicrosoft.com |
| Initial password | <a strong password> |
| Block sign in | No |
| Department | Sales |
| Usage location | United States |

You can add the trial license for Premium P2 to your non-production Azure AD tenant.

Requirement 1: Create groups

For this requirement you will create an Azure AD security group. Create a group with the following settings:

| Setting | Value |
| --- | --- |
| Group type | Security |
| Group name | Managers |
| Group description | ACME managers |
| Membership type | Assigned |
| Members | bulk1, bulk2 |

Requirement 2: Create dynamic groups

Next you will create a dynamic user group. This group will include all of the users who are in the Sales department. Wait for the group membership to finish processing. This may take several minutes. Verify that the group has two members - bulk2 and bulk3.
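A scripted way to meet this requirement and check the result, added here as an example and not part of the original task. It assumes the Microsoft Graph PowerShell SDK is installed, that the group is named sales with a mail nickname of sales (the nickname and description are assumptions), and that bulk2 and bulk3 are the only users in the tenant whose department is Sales.

```powershell
# Added example: requires the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups).
# Run it only against the non-production tenant used for this task.
Connect-MgGraph -Scopes "Group.ReadWrite.All"

# Dynamic security group: membership is computed from the rule and cannot be
# edited by hand, so access follows the department attribute on each user.
$sales = New-MgGroup -DisplayName "sales" `
    -Description "Dynamic group for the Sales department" `
    -MailEnabled:$false `
    -MailNickname "sales" `
    -SecurityEnabled `
    -GroupTypes "DynamicMembership" `
    -MembershipRule '(user.department -eq "Sales")' `
    -MembershipRuleProcessingState "On"

# Rule processing is asynchronous. Poll until the membership matches what the
# task expects, or give up after ten minutes.
$expected = "bulk2,bulk3"
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 30
    # Members come back as directory objects; the UPN is in AdditionalProperties.
    $members = @(Get-MgGroupMember -GroupId $sales.Id -All | ForEach-Object {
        ($_.AdditionalProperties["userPrincipalName"] -split "@")[0]
    })
    $actual = ($members | Sort-Object) -join ","
} until ($actual -eq $expected -or (Get-Date) -gt $deadline)

if ($actual -eq $expected) {
    Write-Output "Dynamic membership verified: $actual"
} else {
    # An unexpected member means another account carries department = Sales;
    # review who is allowed to edit that attribute before relying on the group.
    Write-Warning "Expected '$expected' but found '$actual'"
}
```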

Requirement 3: Manage groups

Finally, you need to create a group that includes the other two groups. Create a group named allEmployees. Add the sales and managers groups to the allEmployees group. Assign the Azure AD Premium P2 license to the allEmployees group.

Cleanup

When you have completed this task, delete the managers, sales, and allEmployees groups. Also delete the bulk1, bulk2, and bulk3 users.