Add Azure AD group to SharePoint site and configure site permissions

Create a SharePoint Teams Site

A Teams site can be created to collaborate with other team members, share documents with each other and work on a specific project. I recently created a few Microsoft Teams sites on SharePoint Online and my requirement is to create an Azure Active Directory security group and provide Edit permissions to this AD group. You can also provide different permissions like Read, Full Control etc. In this blog post, I will be assigning Edit permissions to an Azure AD security group MyTeam_01 on a SharePoint Online Teams site TestSite01.

Creating a Teams site is super easy. Log in to the Microsoft 365 admin center with Global Administrator rights and click on the SharePoint link under Admin Centers to open the SharePoint admin center. Once the SharePoint admin center opens, click on the + Create link at the top of the page. Click on Teams site, which opens the create site form.


Enter details such as the Site Name and Group Owner, make sure the Privacy setting is set to Private – only members can access this site, and click on Next. This will create a Teams site for you.


Create an Azure Active Directory (AAD) Security Group

To create a security group, you can use either the Microsoft Azure Portal or the Microsoft 365 admin center. I will be using the Microsoft 365 admin center for creating a security group.

After you log in to the Microsoft 365 admin center using administrator credentials, click on Teams & groups on the left-hand side and then click on Active teams & groups. Click on the Security tab and then click on Add a group.


On the Choose a group type page, select Security and click on Next. Provide a name for the group, for example MyTeam_01. Click on Create Group. Once the group is created, proceed to the SharePoint admin center, where we will add this group to the SharePoint Online Teams site we just created in the previous step.


Configure SharePoint Site Permissions

Log in to the SharePoint admin center and find the site we just created, which is TestSite01. Click on the URL to open the site home page.


Click on the Settings cog at the top right-hand side of the home page and then click on Site Permissions.


Click on Advanced permission settings.


Click on the Grant Permissions button on the left-hand side.


Under the Invite People tab, search for the AD security group you created. If you want to send an email notification to the users, select the checkbox "Send an email invitation". Also select the permission level. You can provide different levels of permissions like Edit, Full Control, Read etc.


You can either add the AD security group as a member of the built-in SharePoint Teams site group, which is TestSite01 Members, or just select Edit from the drop-down list. If you select Edit from the drop-down, the group will not be added / nested into the TestSite01 Members group; it will be added separately and assigned Edit permission on the SharePoint site.


After you click on the Share button, you will see a message at the top right-hand side that the Teams site has been shared with the MyTeam_01 AD security group.


Verify SharePoint Site Permissions

Now that the permissions are granted to the AD security group MyTeam_01, let's verify the permission levels. For this, click on TestSite01 Members to open the configuration settings for the built-in Site Members group.


Next, select the AD security group added in the previous step and then click on the Settings drop-down. From the drop-down options, select View Group Permissions.


As you can see the Permission Level assigned to this group is Edit.
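
The same check can be scripted across the whole site. The PowerShell below is an added example, not part of the original post: it lists every principal with permissions on TestSite01 and shows whether the level was granted directly (the "Edit from the drop-down" case) or through a site group such as TestSite01 Members. It assumes the PnP.PowerShell module is installed; the site URL is a placeholder.

```powershell
# Added example: report who holds which permission level on the site and how.
# Assumption: the URL is a placeholder; replace <tenant> with your tenant name.
$siteUrl = "https://<tenant>.sharepoint.com/sites/TestSite01"
# Recent PnP.PowerShell releases may also require -ClientId for your own app registration.
Connect-PnPOnline -Url $siteUrl -Interactive

$web = Get-PnPWeb -Includes RoleAssignments
$report = foreach ($ra in $web.RoleAssignments) {
    # Load the principal and the permission levels bound to this assignment
    Get-PnPProperty -ClientObject $ra -Property Member, RoleDefinitionBindings | Out-Null
    $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '

    if ($ra.Member.PrincipalType -eq 'SharePointGroup') {
        # Site group (for example "TestSite01 Members"): list what is nested in it
        foreach ($m in Get-PnPGroupMember -Group $ra.Member.Title) {
            [pscustomobject]@{
                Principal = $m.Title
                Type      = $m.PrincipalType
                Via       = $ra.Member.Title
                Levels    = $levels
            }
        }
    }
    else {
        # Principal that was given a permission level directly on the site
        [pscustomobject]@{
            Principal = $ra.Member.Title
            Type      = $ra.Member.PrincipalType
            Via       = '(direct grant)'
            Levels    = $levels
        }
    }
}

# Azure AD security groups first: each one grants the level to all of its members
$report | Sort-Object { $_.Type -ne 'SecurityGroup' }, Via, Principal |
    Format-Table Principal, Type, Via, Levels -AutoSize
```

Rows with Type SecurityGroup are the ones to review, because membership of those groups is managed in Azure AD and does not appear in the SharePoint permissions page.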


Add Azure AD security group into the SPO site group using PowerShell

Follow the steps below to add an Azure AD security group into the SPO site group. First, create an Azure AD security group using the New-AzureADGroup PowerShell command; then use the Add-PnPGroupMember command to add the Azure AD group into the SharePoint site group.

Connect to Azure AD

Connect-AzureAD

Create Azure AD security Group named MyTeam_02.

New-AzureADGroup -DisplayName MyTeam_02 -SecurityEnabled $true -MailEnabled $false -MailNickName "NotSet"

Once the group is created, you can verify it by logging in to the Microsoft 365 admin center and checking the Security groups.


To add the Azure AD security group into the SPO site group, you can use the PowerShell command below:

Add-PnPGroupMember -LoginName <Azure AD Group Name> -Group "<Group Name>"

Example:

Add-PnPGroupMember -LoginName MyTeam_02 -Group "TestSite01 Members"
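
The steps above as one script, as an added example that is not part of the original post. It identifies the group by its Azure AD object ID (through the claims login c:0t.c|tenant|<ObjectId>) rather than by display name, because display names are not unique in Azure AD, and it confirms the result afterwards. It assumes the AzureAD and PnP.PowerShell modules are installed; the site URL is a placeholder.

```powershell
# Added example: create the security group once, add it by object ID, then verify.
$groupName = "MyTeam_02"
$siteGroup = "TestSite01 Members"
# Assumption: placeholder URL; replace <tenant> with your tenant name.
$siteUrl   = "https://<tenant>.sharepoint.com/sites/TestSite01"

Connect-AzureAD | Out-Null

# Display names are not unique, so check for existing groups before creating one
$found = @(Get-AzureADGroup -Filter "DisplayName eq '$groupName'")
if ($found.Count -gt 1) {
    throw "More than one group is named '$groupName'; choose one by ObjectId."
}
if ($found.Count -eq 0) {
    $aadGroup = New-AzureADGroup -DisplayName $groupName -SecurityEnabled $true `
        -MailEnabled $false -MailNickName "NotSet"
}
else {
    $aadGroup = $found[0]
}
if (-not $aadGroup.SecurityEnabled) { throw "'$groupName' is not a security group." }

# Claims-formatted login name of an Azure AD security group in SharePoint Online
$login = "c:0t.c|tenant|$($aadGroup.ObjectId)"

# Recent PnP.PowerShell releases may also require -ClientId for your own app registration.
Connect-PnPOnline -Url $siteUrl -Interactive
# A group created seconds ago may not resolve yet; retry after a short wait if this fails.
Add-PnPGroupMember -LoginName $login -Group $siteGroup

# Verify: the group is a member of the site group, and show that group's levels
$entry = Get-PnPGroupMember -Group $siteGroup | Where-Object { $_.LoginName -eq $login }
if (-not $entry) { throw "'$groupName' was not found in '$siteGroup'." }
$levels = (Get-PnPGroupPermissions -Identity $siteGroup | ForEach-Object { $_.Name }) -join ', '
"{0} ({1}) is a member of '{2}' with: {3}" -f $entry.Title, $aadGroup.ObjectId, $siteGroup, $levels
```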
