The Azure Active Directory settings that control how users can create security and Microsoft 365 groups have been updated. In the Azure portal, if you set either Security Groups or Microsoft 365 Groups to No, your settings may have been updated to Yes. Please validate these settings are correct for your tenant.
- Identity Service
Here are the previous settings:
Here are the new settings:
- The previous settings, when set to No, would still allow users to create groups in PowerShell and APIs and other portals, but not in Azure portals. To ensure this setting is honored consistently across the Azure portals, PowerShell, and API, we introduced an updated setting.
- The new settings, when set to No, will not allow users to create groups in Azure portals, PowerShell, or via the API.
- The new settings, when set to Yes, will allow users to create groups in Azure portals, PowerShell, and via the API.
Starting in May 2021, there was a transition period of a few weeks where you could select your preferred default values before the new settings took effect. If you did not specify your preferred default values during this transition period, the new settings were set to the previous API settings. If you had previously set these values to No in the Azure portal, these values may have been reset during the implementation if the API settings still allowed users to create groups.
How this will affect your organization
These new settings control how users are allowed to create security and Microsoft 365 groups in Azure portals, as well as PowerShell and API.
What you need to do
Follow these steps to ensure these new settings are appropriate for how you would like groups to be managed in your organization.
- Sign in to the Azure portal as Global Administrator or Privileged Role Administrator.
- Navigate to Azure Active Directory > Groups > Settings > General.
- Verify and, if necessary, update the following settings:
  - Security Groups: Users can create security groups in Azure portals, API or PowerShell
  - Microsoft 365 Groups: Users can create Microsoft 365 groups in Azure portals, API or PowerShell
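To confirm the same values outside the portal, the following added example (not part of the original notice) reads them with the Microsoft Graph PowerShell SDK and compares them with what you intend. It assumes the two portal toggles correspond to the authorization policy's `AllowedToCreateSecurityGroups` permission and to `EnableGroupCreation` in the `Group.Unified` directory setting; the function name `Get-GroupCreationSetting` and its parameters are hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Groups
# Added example: read-only audit of the tenant-wide group creation settings.
# Assumption: the portal toggles map to the Graph properties read below.

function Get-GroupCreationSetting {
    param(
        # What you intend the tenant to allow (hypothetical parameters; default is "No" for both).
        [bool]$ExpectSecurityGroups = $false,
        [bool]$ExpectM365Groups     = $false
    )

    # Security groups: default user role permission on the authorization policy.
    $policy = Get-MgPolicyAuthorizationPolicy
    $securityAllowed = [bool]$policy.DefaultUserRolePermissions.AllowedToCreateSecurityGroups

    # Microsoft 365 groups: the Group.Unified directory setting, if one has been created.
    $unified = Get-MgGroupSetting -All | Where-Object DisplayName -eq 'Group.Unified'

    # Edge case: with no Group.Unified object, the template defaults apply (creation allowed).
    $m365Allowed    = $true
    $allowedGroupId = $null
    if ($unified) {
        $values = @{}
        foreach ($v in $unified.Values) { $values[$v.Name] = $v.Value }
        # Values are stored as strings; -ne is case-insensitive in PowerShell.
        $m365Allowed    = $values['EnableGroupCreation'] -ne 'false'
        $allowedGroupId = $values['GroupCreationAllowedGroupId']
    }

    [pscustomobject]@{
        UsersCanCreateSecurityGroups = $securityAllowed
        SecurityGroupsAsExpected     = ($securityAllowed -eq $ExpectSecurityGroups)
        UsersCanCreateM365Groups     = $m365Allowed
        M365GroupsAsExpected         = ($m365Allowed -eq $ExpectM365Groups)
        M365CreationLimitedToGroupId = $allowedGroupId
    }
}

# Read-only scopes are sufficient for this check.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Directory.Read.All'
$result = Get-GroupCreationSetting -ExpectSecurityGroups $false -ExpectM365Groups $false
$result | Format-List

if (-not ($result.SecurityGroupsAsExpected -and $result.M365GroupsAsExpected)) {
    Write-Warning 'Group creation settings differ from the expected values; review them in the portal.'
}
```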
- Users can only create security and Microsoft 365 groups in Azure portal being deprecated
- Group settings
- Set up self-service group management in Azure Active Directory
Message ID: MC275349
Published: 03 August 2021
Updated: 03 August 2021