What’s the Difference Between Using Security Groups and M365 Groups to Secure Azure Resources?
Learn why both Security Groups and Microsoft 365 groups can be used to secure Azure resources through role-based access control (RBAC). Understand the key distinctions and best use cases for each group type, a critical concept for the AZ-500 exam.
Question
Security Groups and Microsoft 365 groups can both be used to secure Azure resources.
A. FALSE
B. TRUE
Answer
B. TRUE
Explanation
The statement is TRUE. Both Security Groups and Microsoft 365 groups can be used to grant access to Azure resources.
Microsoft 365 groups (formerly called Office 365 groups) can be used to secure resources, just like Security groups. Microsoft 365 groups also include additional functionality.
The ability to secure resources in Azure is fundamentally tied to an object’s identity in Azure Active Directory (Azure AD). Both Security Groups and Microsoft 365 Groups are “security-enabled” objects within Azure AD. This means each group type has an associated security principal that can be assigned permissions. Because of this shared characteristic, both can be assigned roles using Azure Role-Based Access Control (RBAC) to manage access to subscriptions, resource groups, and individual resources.
Security Groups
- The primary purpose of a Security Group is to group users or devices to manage access to shared resources.
- They are designed specifically for granting permissions and have no other built-in functionality.
- This is the traditional and most direct method for managing resource access for a collection of users. For example, you can create a “VM Admins” security group and assign it the “Virtual Machine Contributor” role on a resource group.
Microsoft 365 Groups
- The primary purpose of a Microsoft 365 Group is to facilitate collaboration. When you create one, it provisions a set of shared resources for its members, such as a shared mailbox, calendar, SharePoint site, and Microsoft Teams instance.
- A key feature is that every Microsoft 365 Group is automatically security-enabled.
- Because they are security-enabled, they can function just like a Security Group for access management purposes. You can assign an Azure RBAC role to a Microsoft 365 group, and all its members will inherit those permissions. This is useful when a collaborative team already exists as a Microsoft 365 group and also needs access to related Azure resources, which avoids the need to manage a separate security group for the same members.
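The following Python audit is an added example, not part of the original page: it joins Azure RBAC role assignments with group objects to show which group type (Security or Microsoft 365) holds each role. The sample data and short IDs are constructed; field names are assumed to follow the Microsoft Graph group resource and the JSON printed by `az role assignment list`, with `"Unified"` in `groupTypes` marking a Microsoft 365 group.

```python
import json

# Constructed sample data, not from a real tenant (real ids are GUIDs).
# Group fields follow the Microsoft Graph group resource; assignment
# fields follow the JSON printed by `az role assignment list`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
GROUPS = json.loads("""[
 {"id": "g-1", "displayName": "VM Admins", "groupTypes": [],
  "securityEnabled": true, "mailEnabled": false},
 {"id": "g-2", "displayName": "Project Falcon", "groupTypes": ["Unified"],
  "securityEnabled": true, "mailEnabled": true},
 {"id": "g-3", "displayName": "All Staff DL", "groupTypes": [],
  "securityEnabled": false, "mailEnabled": true}]""")
ASSIGNMENTS = [
    {"principalId": "g-1", "principalType": "Group",
     "roleDefinitionName": "Virtual Machine Contributor",
     "scope": SUB + "/resourceGroups/rg-compute"},
    {"principalId": "g-2", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/rg-falcon"},
    {"principalId": "u-9", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
]

def classify(group):
    """Name the group type; "Unified" in groupTypes marks a Microsoft 365 group."""
    if "Unified" in group.get("groupTypes", []):
        return "Microsoft 365"
    return "Security" if group.get("securityEnabled") else "Not security-enabled"

def assignable(group):
    """A group can hold an RBAC role only if it is security-enabled."""
    return bool(group.get("securityEnabled"))

def audit(groups, assignments):
    """List every role held by a group, together with the group's type."""
    by_id = {g["id"]: g for g in groups}
    report = []
    for a in assignments:
        if a.get("principalType") != "Group":
            continue  # direct user / service principal assignments are skipped
        g = by_id.get(a["principalId"])
        report.append({"group": g["displayName"] if g else a["principalId"],
                       "kind": classify(g) if g else "Unknown",
                       "role": a["roleDefinitionName"], "scope": a["scope"]})
    return report

if __name__ == "__main__":
    for row in audit(GROUPS, ASSIGNMENTS):
        print("{kind:<14} {group:<15} {role:<28} {scope}".format(**row))
```

The `assignable` check reads the `securityEnabled` flag directly, so a mail-only distribution list such as the constructed "All Staff DL" is reported as unusable for RBAC.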