In this blog post, we will explore the process of adding an Entra Security group to a SharePoint site and configuring site permissions. We’ll begin by creating a SharePoint Teams Site from scratch and then proceed with the subsequent steps.
Table of Contents
Step 1 – Create a Sharepoint Teams Site
A Teams site is a collaborative space for team members to share documents and work on specific projects. Follow below steps to create a Sharepoint Teams site.
- Log in to the Microsoft 365 admin center as a Global Administrator or Sharepoint Administrator.
- Click on the “SharePoint” link under Admin Centers to open the SharePoint Admin Center.
- Once the SharePoint Admin center opens, click on the “+ Create” link at the top of the page.
- Select “Teams site” to open a create site form.
- Enter details such as Site Name and Group Owner details in the provided fields.
- Ensure that Privacy settings are selected as “Private – only members can access this site“.
- Click on “Next“.
Step 2 – Create an Entra Security Group
To create an Entra Security Group, you can use either the Entra admin center or the Microsoft 365 admin center. For this process, I will be utilizing the Microsoft 365 admin center to create a security group.
- Log in to the Microsoft 365 admin center using administrator credentials.
- On the left-hand side, click on “Teams & groups” and then select “Active teams & groups“.
- Click on the “Security” tab.
- Click on “Add a group“.
- On the “Choose a group type” page, select “Security” and click on “Next“.
- Provide a name for the group, for example, “MyTeam_01”.
- Click on “Create Group“
- Once the group is created, proceed to the SharePoint Admin center where we will add this group to the SharePoint Online Teams site created in the previous step.
Step 3 – Configure Sharepoint Site Permissions
- Log in to the SharePoint Admin Center.
- Locate the site created, named “TestSite01.”
- Click on the URL to open the site home page.
- Click on the settings cog on the top right-hand side of the home page.
- Then, click on “Site Permissions“.
- Click on Advanced permission settings.
- Click on the Grant Permissions Button on the left-hand side.
- Under the ‘Invite People‘ tab, search for the Entra Security Group created. If you wish to send an email notification to the users, select the checkbox ‘Send an email invitation‘. Additionally, choose the permission level; you can provide various levels such as Edit, Full Control, Read, etc.
- You can either add the Entra Security Group as a member of the built-in SharePoint Teams site group, which is ‘TestSite01 Members,’ or you can also select ‘Edit’ from the drop-down list.
- If you choose ‘Edit‘ from the drop-down, the group will not be added or nested into the ‘TestSite01 Members’ group; instead, it will be added separately and assigned Edit permission to the SharePoint site.
- After clicking the ‘Share‘ button, you will receive a message on the top right-hand side confirming that the Teams Site has been shared with the ‘MyTeam_01‘ Entra Security Group.
Step 4 – Verify Sharepoint Site Permissions
As permissions are now granted to the Entra Security Group ‘MyTeam_01‘, let’s verify the permission levels. For this, click on ‘TestSite01 Members’ to open configuration settings related to the Site Members built-in group.
- Next, select the Entra Security Group added in the previous step, and then click on the ‘Settings‘ drop-down. From the drop-down options, select ‘View Group Permissions‘.
- As you can see, the permission level assigned to this group is ‘Edit‘.
Add Entra Security Group to SPO Site Group Using Powershell
Please follow the steps below to add an Entra Security Group to the SPO Site group. First, create an Entra Security Group using the ‘New-AzureADGroup‘ PowerShell command, and then use the ‘Add-PnPGroupMember‘ command to add the Entra Security group to the SharePoint site group.
Connect to Entra ID
Connect-AzureADCreate Entra Security Group named MyTeam_02
New-AzureADGroup -DisplayName MyTeam_02 -SecurityEnabled $true -MailEnabled $false -MailNickName "NotSet"After creating the group, you can verify it by logging on to the Microsoft 365 Admin center and checking the Security group.
To add an Entra Security Group to the SPO Site group, you can use the following PowerShell command.
Add Entra Security Group to SPO Site Group
Add-PnPGroupMember -LoginName <Entra Security Group Name> -Group "<Group Name>"Example:
Add-PnPGroupMember -LoginName MyTeam_02 -Group "TestSite01 Members"
