Objective
Create groups in Azure Active Directory
- Statically assigned groups
- Dynamically assigned groups
- Groups using CLI and PowerShell
Process
From the Azure Active Directory click create new group
- Fill out the information
Azure CLI
Documentation: az ad group | Microsoft Docs
az ad group create --display-name --mail-nickname [--description] [--force {false, true}]
Example: create a static assigned group named “Static Test Group”
az ad group create --display-name 'Static Test Group' --mail-nickname Static --description "Static group made for testing purposes"
PowerShell
Documentation: New-AzureADGroup (AzureAD) | Microsoft Docs
Connect-AzureAD
New-AzureADGroup [-InformationAction <ActionPreference>] [-InformationVariable <String>] [-Description <String>] -DisplayName <String> -MailEnabled <Boolean> -MailNickName <String> -SecurityEnabled <Boolean> [<CommonParameters>]
More Feature Rich cmdlet New-AzureADMSGroup
Documentation: New-AzureADMSGroup (AzureAD) | Microsoft Docs
New-AzureADMSGroup [-Description <String>] -DisplayName <String> [-IsAssignableToRole <Boolean>] -MailEnabled <Boolean> -MailNickname <String> -SecurityEnabled <Boolean> [-GroupTypes <System.Collections.Generic.List`1[System.String]>] [-Visibility <String>] [<CommonParameters>]
Example: Create a group named “Dynamic Test Group”
Can’t create groups as dynamic currently so we will set it to dynamic after manually
New-AzureADMSGroup -DisplayName "Dynamic Test Group" -MailEnabled $false -SecurityEnabled $true -MailNickName 'NotSet'
Dynamic Assignment
Change membership type to Dynamic User/Device
Configure rules to have users/devices dynamically assigned to the group
Conclusion
A static group was created and we can add users into the group manually
A dynamic group was created and we set the group to add anyone with ‘bui’ in the display name
