Add Entra Security Group in Sharepoint Site and Configure Site Permissions

In this blog post, we will explore the process of adding an Entra Security group to a SharePoint site and configuring site permissions. We’ll begin by creating a SharePoint Teams Site from scratch and then proceed with the subsequent steps.

Step 1 – Create a Sharepoint Teams Site

A Teams site is a collaborative space for team members to share documents and work on specific projects. Follow below steps to create a Sharepoint Teams site.

  • Log in to the Microsoft 365 admin center as a Global Administrator or Sharepoint Administrator.
  • Click on the “SharePoint” link under Admin Centers to open the SharePoint Admin Center.
  • Once the SharePoint Admin center opens, click on the “+ Create” link at the top of the page.
  • Select “Teams site” to open a create site form.
Step 1 - Create a Sharepoint Teams Site
Step 1 – Create a Sharepoint Teams Site
  • Enter details such as Site Name and Group Owner details in the provided fields.
  • Ensure that Privacy settings are selected as “Private – only members can access this site“.
  • Click on “Next“.
Step 1 - Create a Sharepoint Teams Site
Step 1 – Create a Sharepoint Teams Site

Step 2 – Create an Entra Security Group

To create an Entra Security Group, you can use either the Entra admin center or the Microsoft 365 admin center. For this process, I will be utilizing the Microsoft 365 admin center to create a security group.

  1. Log in to the Microsoft 365 admin center using administrator credentials.
  2. On the left-hand side, click on “Teams & groups” and then select “Active teams & groups“.
  3. Click on the “Security” tab.
  4. Click on “Add a group“.
Step 2 - Create an Entra Security Group
Step 2 – Create an Entra Security Group
  1. On the “Choose a group type” page, select “Security” and click on “Next“.
  2. Provide a name for the group, for example, “MyTeam_01”.
  3. Click on “Create Group
  4. Once the group is created, proceed to the SharePoint Admin center where we will add this group to the SharePoint Online Teams site created in the previous step.
Step 2 - Create an Entra Security Group
Step 2 – Create an Entra Security Group

Step 3 – Configure Sharepoint Site Permissions

  1. Log in to the SharePoint Admin Center.
  2. Locate the site created, named “TestSite01.”
  3. Click on the URL to open the site home page.
Step 3 - Configure Sharepoint Site Permissions
Step 3 – Configure Sharepoint Site Permissions
  1. Click on the settings cog on the top right-hand side of the home page.
  2. Then, click on “Site Permissions“.
Step 3 - Configure Sharepoint Site Permissions
Step 3 – Configure Sharepoint Site Permissions
  1. Click on Advanced permission settings.
Step 3 - Configure Sharepoint Site Permissions
Step 3 – Configure Sharepoint Site Permissions
  1. Click on the Grant Permissions Button on the left-hand side.
Step 3 - Configure Sharepoint Site Permissions
Step 3 – Configure Sharepoint Site Permissions
  1. Under the ‘Invite People‘ tab, search for the Entra Security Group created. If you wish to send an email notification to the users, select the checkbox ‘Send an email invitation‘. Additionally, choose the permission level; you can provide various levels such as Edit, Full Control, Read, etc.
Step 3 - Configure Sharepoint Site Permissions
Step 3 – Configure Sharepoint Site Permissions
  • You can either add the Entra Security Group as a member of the built-in SharePoint Teams site group, which is ‘TestSite01 Members,’ or you can also select ‘Edit’ from the drop-down list.
  • If you choose ‘Edit‘ from the drop-down, the group will not be added or nested into the ‘TestSite01 Members’ group; instead, it will be added separately and assigned Edit permission to the SharePoint site.
Step 3 - Configure Sharepoint Site Permissions
Step 3 – Configure Sharepoint Site Permissions
  • After clicking the ‘Share‘ button, you will receive a message on the top right-hand side confirming that the Teams Site has been shared with the ‘MyTeam_01‘ Entra Security Group.
Step 3 - Configure Sharepoint Site Permissions
Step 3 – Configure Sharepoint Site Permissions

Step 4 – Verify Sharepoint Site Permissions

As permissions are now granted to the Entra Security Group ‘MyTeam_01‘, let’s verify the permission levels. For this, click on ‘TestSite01 Members’ to open configuration settings related to the Site Members built-in group.

Step 4 - Verify Sharepoint Site Permissions
Step 4 – Verify Sharepoint Site Permissions
  • Next, select the Entra Security Group added in the previous step, and then click on the ‘Settings‘ drop-down. From the drop-down options, select ‘View Group Permissions‘.
Step 4 - Verify Sharepoint Site Permissions
Step 4 – Verify Sharepoint Site Permissions
  • As you can see, the permission level assigned to this group is ‘Edit‘.
Step 4 - Verify Sharepoint Site Permissions
Step 4 – Verify Sharepoint Site Permissions

Add Entra Security Group to SPO Site Group Using Powershell

Please follow the steps below to add an Entra Security Group to the SPO Site group. First, create an Entra Security Group using the ‘New-AzureADGroup‘ PowerShell command, and then use the ‘Add-PnPGroupMember‘ command to add the Entra Security group to the SharePoint site group.

Connect to Entra ID

Connect-AzureAD

Create Entra Security Group named MyTeam_02

New-AzureADGroup -DisplayName MyTeam_02 -SecurityEnabled $true -MailEnabled $false -MailNickName "NotSet"

After creating the group, you can verify it by logging on to the Microsoft 365 Admin center and checking the Security group.

Add Entra Security Group to SPO Site Group Using Powershell
Add Entra Security Group to SPO Site Group Using Powershell

To add an Entra Security Group to the SPO Site group, you can use the following PowerShell command.

Add Entra Security Group to SPO Site Group

Add-PnPGroupMember -LoginName <Entra Security Group Name> -Group "<Group Name>"

Example:

Add-PnPGroupMember -LoginName MyTeam_02 -Group "TestSite01 Members"

Leave a Comment