| title | Groups Administrator |
|---|---|
| description | Groups Administrator |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
Users in this role can create/manage groups and its settings like naming and expiration policies. It is important to understand that assigning a user to this role gives them the ability to manage all groups in the organization across various workloads like Teams, SharePoint, Yammer in addition to Outlook. Also the user will be able to manage the various groups settings across various admin portals like Microsoft admin center, Azure portal, as well as workload specific ones like Teams and SharePoint admin centers.
[!div class="mx-tableFixed"]
Actions Description microsoft.azure.serviceHealth/allEntities/allTasks Read and configure Azure Service Health microsoft.azure.supportTickets/allEntities/allTasks Create and manage Azure support tickets microsoft.directory/bulkJobs.groups/basic/update Update bulk jobs related to groups microsoft.directory/bulkJobs.groups/create Create bulk jobs related to groups microsoft.directory/bulkJobs.groups/standard/read Read bulk jobs related to groups microsoft.directory/deletedItems.groups/delete Permanently delete groups, which can no longer be restored microsoft.directory/deletedItems.groups/restore Restore soft deleted groups to original state microsoft.directory/groups/assignedLabels/update Update the assigned labels property on groups of assigned membership type, excluding role-assignable groups microsoft.directory/groups/assignLicense Assign product licenses to groups for group-based licensing microsoft.directory/groups/basic/update Update basic properties on Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/classification/update Update the classification property on Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/create Create Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/delete Delete Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/dynamicMembershipRule/update Update the dynamic membership rule on Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/groupType/update Update properties that would affect the group type of Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/hiddenMembers/read Read hidden members of Security groups and Microsoft 365 groups, including role-assignable groups microsoft.directory/groups/members/update Update members of Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/onPremWriteBack/update Update Microsoft Entra groups to be written back to on-premises with Microsoft Entra Connect microsoft.directory/groups/owners/update Update owners of Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/groups/reprocessLicenseAssignment Reprocess license assignments for group-based licensing microsoft.directory/groups/restore Restore groups from soft-deleted container microsoft.directory/groups/settings/update Update settings of groups microsoft.directory/groups/visibility/update Update the visibility property of Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.office365.serviceHealth/allEntities/allTasks Read and configure Service Health in the Microsoft 365 admin center microsoft.office365.supportTickets/allEntities/allTasks Create and manage Microsoft 365 service requests microsoft.office365.webPortal/allEntities/standard/read Read basic properties on all resources in the Microsoft 365 admin center