How to Manage Security Groups in Sharepoint

Certain departments that have a need for granular access across a wide range of users with a high volume of turnover have been configured with Azure Active Directory security groups. These Azure AD Security groups are also useful if the same group will need to be used to give permissions across multiple SharePoint sites.  This page explains how to manage these security groups.

Evaluation of Business Need

The creation of security groups should be evaluated to see if it is functionally necessary. Factors that should be thought about are 1) the number of users that need to be granted access, 2) the scope of files or folders that need to be granted access to and 3) the amount of turn over of group membership. For example, if there are two folders that need to be shared with two people and there is no known plan for them to not have access in the future, then a security group is not a good solution. Direct rights should be applied. If there are say student workers that will change every semester that need access to only certain areas of a site, that would most likely be a good use for a security group.

 

 Azure AD security groups are different than Microsoft 365 groups that are used in Sharepoint, Teams and other Microsoft cloud applications. Security groups can only be created by USIT staff. 

The Security Group needs to have been created already. To request a new Security Group, create a ticket with the Help Desk for EUT and include the reason for and use of the group, the email address of who should have permission to maintain the group, and a list of the emails for the members of the group. USIT will create a group using the https://admin.microsoft.com portal or Powershell. All groups should be prefixed with a campus designation. ex: "USM-".

Instructions 

  1. USIT has enabled a self-service management interface inside the Microsoft 365 cloud service. You can get to it by going to the account information on any Microsoft 365 page and choosing "View Account".

    • Account menu from upper right of the page with View Account link

  2. This will bring you to your account page where you can view information about various things related to your account.

    Once on this page, click the drop-down at the top and choose "My Groups" off the menu.

    • My Account drop-down menu from upper left of the view account page, with the My Groups menu item.

  3. This page will show all the groups you "own" and the groups you are in (member). Clicking on any of the groups you own will bring up a screen where you can add or remove members as well as see details about the group and even delete the group.

    • Renaming a groups is not recommended. Contact IT if you have any questions. Do not remove the campus prefix from any group. 

    • Restoring a deleted group will require USIT.

Add Members

  1. When you are viewing a group, you can add a member by clicking the "+" sign on the right-hand side.

    • Page with group details showing "+" in upper right to add a group member.

  2. Search for users to add by their full email address. Once you find the user, click the Add button. You can continue to search for more members. Once you have all the members added hit the OK button.

    • Add member window with search box to help find users. Add button is located in the lower left button on the window.

Remove Users

  1. You can remove a member by clicking the 3 dots next to their name and choosing Remove member

Environment

  • SharePoint

 

Details

Article ID: 138303
Created
Tue 3/1/22 5:24 PM
Modified
Wed 9/28/22 10:36 AM
Applies To
Faculty
Staff