- Create a SharePoint Teams Site
- Create an Azure Active Directory (AAD) Security Group
- Configure SharePoint Site Permissions
- Verify SharePoint Site Permissions
- Add Azure AD Security Group into the SPO Site Group Using PowerShell
Create a SharePoint Teams Site
A Teams site can be created to collaborate with other team members, share documents with each other and work on a specific project. I recently created a few Microsoft Teams sites on SharePoint Online, and my requirement is to create an Azure Active Directory security group and provide Edit permissions to this AD group. You can also provide different permissions like Read, Full Control etc. In this blog post, I will be assigning Edit permissions to an Azure AD security group MyTeam_01 on a SharePoint Online Teams site TestSite01.
Creating a Teams site is super easy. Log in to the Microsoft 365 admin center using Global Administrator rights and click on the SharePoint link under Admin Centers to open the SharePoint admin center. Once the SharePoint admin center opens, click on the + Create link at the top of the page. Click on Teams site, which will open a create site form.
Enter the details like Site Name and Group Owner, make sure the Privacy settings are set to Private – only members can access this site, and click on Next. This will create a Teams site for you.
Create an Azure Active Directory (AAD) Security Group
After you log in to the Microsoft 365 admin center using administrator credentials, click on Teams & groups on the left hand side and then click on Active teams & groups. Click on the Security tab and then click on Add a group.
On the Choose a group type page, select Security and click on Next. Provide a name for the group, for example MyTeam_01. Click on Create Group. Once the group is created, proceed to the SharePoint admin center, where we will add this group to the SharePoint Online Teams site we created in the previous step.
Configure SharePoint Site Permissions
Log in to the SharePoint admin center and find the site we just created, which is TestSite01. Click on the URL to open the site home page.
Click on the Settings cog on the top right hand side of the home page and then click on Site Permissions.
Click on Advanced permission settings.
Click on the Grant Permissions button on the left hand side.
Under the Invite People tab, search for the AD security group created. If you want to send an email notification to the users, select the checkbox “Send an email invitation”. Also select the Permission Level. You can provide different levels of permissions like Edit, Full Control, Read etc.
You can either add the AD security group as a member of the built-in SharePoint Teams site group, which is TestSite01 Members, or you can just select Edit from the drop-down list. If you select Edit from the drop-down, the group will not be added / nested into the TestSite01 Members group but will be added separately and assigned Edit permission on the SharePoint site.
After you click on the Share button, you will see a message on the top right hand side that the Teams site has been shared with the MyTeam_01 AD security group.
Verify SharePoint Site Permissions
Now that the permissions are granted to the AD security group MyTeam_01, let’s verify the permission levels. For this, click on TestSite01 Members to open the configuration settings for the built-in Site Members group.
Next, select the AD security group added in the previous step and then click on the Settings drop-down. From the drop-down options, select View Group Permissions.
As you can see, the permission level assigned to this group is Edit.
Add Azure AD Security Group into the SPO Site Group Using PowerShell
Please follow the steps below to add an Azure AD security group into the SPO site group. First, create an Azure AD security group using the New-AzureADGroup PowerShell command; then, using the Add-PnPGroupMember command, add the Azure AD group into the SharePoint site group.
Connect to Azure AD
Create an Azure AD security group named MyTeam_02.
New-AzureADGroup -DisplayName MyTeam_02 -SecurityEnabled $true -MailEnabled $false -MailNickName "NotSet"
Once the group is created, you can also verify it by logging in to the Microsoft 365 admin center and checking the Security groups.
To add the Azure AD security group into the SPO site group, you can use the PowerShell command below:
Add-PnPGroupMember -LoginName <Azure AD Group Name> -Group "<Group Name>"
Add-PnPGroupMember -LoginName MyTeam_02 -Group "TestSite01 Members"
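The PowerShell steps above combined into one script that also repeats the verification done earlier in the UI. This is an added example, not code from the original post. It assumes the AzureAD and PnP.PowerShell modules are installed, uses a placeholder site URL, and assumes the group's SharePoint login name ends with its Azure AD object ID.

```powershell
# Added example. The site URL is a placeholder, not a value from the post.
$SiteUrl   = "https://<tenant>.sharepoint.com/sites/TestSite01"
$GroupName = "MyTeam_02"
$SpoGroup  = "TestSite01 Members"

Connect-AzureAD | Out-Null

# Azure AD does not enforce unique display names, so look the group up first
# and stop if the name is ambiguous instead of granting access to the wrong one.
$existing = @(Get-AzureADGroup -Filter "DisplayName eq '$GroupName'")
if ($existing.Count -gt 1) {
    throw "More than one Azure AD group is named '$GroupName'; resolve the duplicates first."
}
if ($existing.Count -eq 1) {
    $aadGroup = $existing[0]
} else {
    $aadGroup = New-AzureADGroup -DisplayName $GroupName -SecurityEnabled $true `
        -MailEnabled $false -MailNickName "NotSet"
}

# Recent PnP.PowerShell releases also need -ClientId with your own app registration.
Connect-PnPOnline -Url $SiteUrl -Interactive

# Same call as in the post: nest the Azure AD group in the site's Members group.
Add-PnPGroupMember -LoginName $GroupName -Group $SpoGroup

# Verify membership. Assumption: the login name SharePoint stores for an
# Azure AD security group ends with the group's object ID.
$member = Get-PnPGroupMember -Group $SpoGroup |
    Where-Object { $_.LoginName -like "*$($aadGroup.ObjectId)" }
if (-not $member) {
    throw "'$GroupName' ($($aadGroup.ObjectId)) was not found in '$SpoGroup'."
}

# Verify the permission level the SharePoint group carries (Edit in the post).
$levels = (Get-PnPGroupPermissions -Identity $SpoGroup).Name
if ($levels -notcontains "Edit") {
    Write-Warning "'$SpoGroup' has permission level(s): $($levels -join ', ')"
}

[pscustomobject]@{
    AadGroup         = $aadGroup.DisplayName
    ObjectId         = $aadGroup.ObjectId
    SharePointLogin  = $member.LoginName
    SharePointGroup  = $SpoGroup
    PermissionLevels = $levels -join ", "
}
```

A group created moments earlier may take a short while to become resolvable in SharePoint Online, so a failed Add-PnPGroupMember right after creation can be retried.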