Azure AD groups are split into two different categories:

  • Security groups are used to manage member and computer access to resources via a security policy. These contain users, devices, other groups and service principals.
  • Microsoft 365 groups enable collaboration across mailboxes, calendars, files, SharePoint sites and more.


Membership of groups is fairly flexible:

  • Open groups can be joined freely by users.
  • Request groups require users to enter a business justification, which an owner must approve.
  • Closed groups require users to be added by a group owner or AAD administrator.

Owners can manage group membership, and expiration dates allow for automatic deletion of project groups, preventing sprawl.

Groups can be either assigned, where members are statically managed, or dynamic, where users are assigned based on matching a set of criteria.
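
The security / Microsoft 365 and assigned / dynamic distinctions above can be read from the group objects that Microsoft Graph returns. The following is an added example, not part of the original notes: it classifies groups by their `groupTypes`, `securityEnabled`, `membershipRule` and `expirationDateTime` properties and flags the ones worth reviewing first. The sample groups and the `classify` and `review` helper names are constructed for illustration.

```python
# Added example; property names come from the Microsoft Graph `group` resource.
# SAMPLE is constructed data shaped like a GET /groups response "value" array.
SAMPLE = [
    {"displayName": "sg-finance-apps", "groupTypes": [], "securityEnabled": True,
     "membershipRule": None, "expirationDateTime": None},
    {"displayName": "sg-all-contractors", "groupTypes": ["DynamicMembership"],
     "securityEnabled": True, "expirationDateTime": None,
     "membershipRule": 'user.department -eq "Contractors"'},
    {"displayName": "Project Falcon", "groupTypes": ["Unified"],
     "securityEnabled": False, "membershipRule": None, "expirationDateTime": None},
    {"displayName": "Project Kestrel", "groupTypes": ["Unified"],
     "securityEnabled": False, "membershipRule": None,
     "expirationDateTime": "2030-06-30T00:00:00Z"},
]

def classify(group):
    """Return (category, membership) for one Graph group object."""
    types = group.get("groupTypes") or []
    if "Unified" in types:              # Microsoft 365 groups carry "Unified"
        category = "microsoft365"
    elif group.get("securityEnabled"):
        category = "security"
    else:
        category = "other"              # e.g. a distribution list
    membership = "dynamic" if "DynamicMembership" in types else "assigned"
    return category, membership

def review(groups):
    """Flag groups an access review should look at first."""
    findings = []
    for g in groups:
        category, membership = classify(g)
        if category == "security" and membership == "dynamic":
            # Access follows whoever matches the rule, so the rule is the control.
            findings.append((g["displayName"],
                             "dynamic security group, rule: %s" % g.get("membershipRule")))
        if category == "microsoft365" and not g.get("expirationDateTime"):
            findings.append((g["displayName"], "Microsoft 365 group without expiration"))
    return findings

if __name__ == "__main__":
    for g in SAMPLE:
        print(g["displayName"], classify(g))
    for name, why in review(SAMPLE):
        print("REVIEW:", name, "-", why)
```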