Skip to content

Create user groups

We recommend that you create a new user group or groups for your guest users.

You can use groups to give more granular access control. For example, you can put contractors and suppliers in different groups and give each group access to only the apps it needs.


You can use existing groups if you prefer, but they must be security enabled. Groups created in Azure AD are automatically security enabled, but groups created from the Microsoft 365 portal or imported from AD aren't.

To create a user group in Azure AD, do as follows.

  1. Sign in to the Azure portal using a Global administrator account for the directory.
  2. Select Azure Active Directory.

    Azure portal

  3. On the Active Directory page, select Groups. Click New Group.

    Screenshot of Groups page in Azure AD

  4. In the New Group dialog, fill out the fields.

    1. Select a Group type. In this example, Microsoft 365.
    2. Enter a Group name.
    3. Enter a Group email address or accept the default address shown.
    4. Select the Membership type. Use Assigned, which lets you choose specific users and give them unique permissions.
    5. Click Create.

      The group is created.

    Screenshot of New group dialog in Azure AD

You add members to the group later.

Next, you assign resources (apps) to the new groups.