Manage Admin Groups

Use this operation to add or remove members in administrator groups.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: Identity Security

Domain: TBD

Modifies: TBD

When to Perform this Operation

As Needed: Proactive or in Response to User/Security

Technical Description and Importance

Managing administrator group memberships ensures that only approved individuals have elevated permissions within the organization. By carefully controlling additions and removals, organizations can reduce risks of privilege misuse or unauthorized changes. Routine updates help maintain alignment with organizational access policies and support operational needs while minimizing potential exposure to security vulnerabilities. Consistent oversight ensures that administrative tasks are performed only by trusted personnel with valid justifications.

Management Options

• Add to Admin Roles
• Remove from Admin Roles

Add to Admin Roles:

Purpose
Add a user to an administrator group to grant them elevated privileges.
Use Case
 A new IT staff member needs permissions to manage infrastructure tasks in Azure AD.

Remove from Admin Roles:

Purpose
Remove a user from an administrator group to revoke elevated privileges.
Use Case
A former IT staff member’s elevated permissions need to be removed after they transition to a non-administrative role.

Operation	Action	Target
Add to Admin Roles	Addition	Sanctioned Administrator Group Members
Remove from Admin Roles	Removal	Sanctioned Administrator Group Members

Add to Admin Roles

This operation adds a user to an administrator group, enabling access to elevated privileges.

       1. Add User to Admin Role in Azure AD

Remove from Admin Roles

This operation removes a user from an administrator group, revoking their elevated privileges.

       1. Remove User from Admin Role in Azure AD

Need Assistance?