Details
Improvement
Resolution: Unresolved
Minor
Description
Currently in public preview, Azure AD supports the concept of groups being assigned to administrative units, a means to assign administrative control. We would like to be able to delegate Grouper's control of groups using this method, rather than having a full Group read/write role in the entire tenant (a security recommendation). We basically need another changelog consumer parameter to specify an administrative unit (perhaps by ID), which then could be used after creating the group to assign the administrative ID to a group. In Microsoft Graph, the operation would be like this:
HTTP request: POST /administrativeUnits/{Admin Unit id}/members/$ref
Request body: { "@odata.id": "https://graph.microsoft.com/beta/groups/{id}" }
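The request above as a post-create step, as an added example that is not Grouper's own code: it builds the Graph call and validates both IDs as GUIDs before they are placed in the URL. The function names, the `send` transport callback and the sample IDs are assumptions made for illustration; `admin_unit_id` stands in for the proposed consumer parameter.

```python
import json
import re

GRAPH_BASE = "https://graph.microsoft.com/beta"  # API version used in the request above
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def _require_guid(value, what):
    # Both IDs end up inside a URL, so accept nothing but a plain GUID
    # (no slashes, query strings or other path characters).
    if not isinstance(value, str) or not GUID_RE.fullmatch(value):
        raise ValueError(f"{what} is not a GUID: {value!r}")
    return value.lower()


def build_au_member_request(admin_unit_id, group_id):
    """Return (method, url, headers, body) for adding a group to an administrative unit."""
    au = _require_guid(admin_unit_id, "administrative unit id")
    gid = _require_guid(group_id, "group id")
    body = json.dumps({"@odata.id": f"{GRAPH_BASE}/groups/{gid}"})
    url = f"{GRAPH_BASE}/administrativeUnits/{au}/members/$ref"
    return ("POST", url, {"Content-Type": "application/json"}, body)


def assign_after_create(send, group_id, admin_unit_id=None):
    """Run the assignment step once the group exists.

    `send` is a hypothetical transport: send(method, url, headers, body) -> HTTP status.
    When `admin_unit_id` is unset the step is skipped, so existing
    configurations behave as they do today.
    """
    if not admin_unit_id:
        return "skipped"
    status = send(*build_au_member_request(admin_unit_id, group_id))
    if status == 204:  # Graph answers a successful $ref add with 204 No Content
        return "assigned"
    raise RuntimeError(f"administrative unit assignment failed: HTTP {status}")


if __name__ == "__main__":
    # Constructed sample IDs and a fake transport so the example runs offline.
    sent = []

    def fake_send(method, url, headers, body):
        sent.append((method, url, body))
        return 204

    print(assign_after_create(fake_send, "11111111-2222-3333-4444-555555555555",
                              "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"))
    print(sent[0])
```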