Group can now get Azure Ad admin roles
I remeber a time when I tried to get my student understand the benefit of using AGDLP model.
Accounts – is member of
Global groups – that is member of
Domain Local groups – that get
Permissions.
But now when we use Azure AD, all this is gone! Yes, we have had groups in Azure AD for a while. And yes, it almost work as expected. But to assing an Azure AD admin role you have until now been forced to assign individual accounts. That part took a while to implement!
A strange thing is that you need to create an Azure AD group and enable it for Azure AD Roles to have roles assigned. But it will probably be default when it´s general available. Read more: https://t.co/jbQ6ovWShI