You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/fundamentals/active-directory-manage-groups.md
+10-3Lines changed: 10 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,25 +9,32 @@ ms.service: active-directory
9
9
ms.workload: identity
10
10
ms.subservice: fundamentals
11
11
ms.topic: conceptual
12
-
ms.date: 08/28/2017
12
+
ms.date: 01/08/2020
13
13
ms.author: ajburnle
14
14
ms.reviewer: piotrci
15
15
ms.custom: "it-pro, seodec18"
16
16
ms.collection: M365-identity-device-management
17
17
---
18
18
19
19
# Manage app and resource access using Azure Active Directory groups
20
-
Azure Active Directory (Azure AD) helps you to manage your cloud-based apps, on-premises apps, and your resources using your organization's groups. Your resources can be part of the directory, such as permissions to manage objects through roles in the directory, or external to the directory, such as for Software as a Service (SaaS) apps, Azure services, SharePoint sites, and on-premises resources.
20
+
Azure Active Directory (Azure AD) lets you use groups to manage access to your cloud-based apps, on-premises apps, and your resources. Your resources can be part of the Azure AD organization, such as permissions to manage objects through roles in Azure AD, or external to the organization, such as for Software as a Service (SaaS) apps, Azure services, SharePoint sites, and on-premises resources.
21
21
22
22
>[!NOTE]
23
23
>To use Azure Active Directory, you need an Azure account. If you don't have an account, you can [sign up for a free Azure account](https://azure.microsoft.com/free/).
24
+
>
25
+
> In the Azure portal, you can see some groups whose membership and group details you can't manage in the portal:
26
+
>
27
+
> - Groups synced from on-premises Active Directory can be managed only in on-premises Active Directory.
28
+
> - Other group types such as distribution lists and mail-enabled security groups are managed only in Exchange admin center or Microsoft 365 admin center. You must sign in to Exchange admin center or Microsoft 365 admin center to manage these groups.
29
+
30
+
## How access management in Azure AD works
24
31
25
-
## How does access management in Azure AD work?
26
32
Azure AD helps you give access to your organization's resources by providing access rights to a single user or to an entire Azure AD group. Using groups lets the resource owner (or Azure AD directory owner), assign a set of access permissions to all the members of the group, instead of having to provide the rights one-by-one. The resource or directory owner can also give management rights for the member list to someone else, such as a department manager or a Helpdesk administrator, letting that person add and remove members, as needed. For more information about how to manage group owners, see [Manage group owners](active-directory-accessmanagement-managing-group-owners.md)
27
33
28
34
29
35
30
36
## Ways to assign access rights
37
+
31
38
There are four ways to assign resource access rights to your users:
32
39
33
40
-**Direct assignment.** The resource owner directly assigns the user to the resource.
0 commit comments