Azure AD: Security Groups
Summary
This module contains actions for managing Security Groups in Azure AD.
Mail-Enabled Groups
Unfortunately the Microsoft Graph API does not support creating or updating mail-enabled groups.
These groups can be audited & added to others, but they cannot be created or updated using this plugin.
See here for more information.
Actions
azure_ad.security_groups.add_member
Add a member to a security group.
Members can be Users or SecurityGroups.
If the member is already in the group, nothing will be modified & the action will succeed.
Minimum Plugin Version: 1.0.0
Input
- client: an AzureClient
- group_id: a SecurityGroup ID
- member_id: a User or SecurityGroup ID
Supported Group & Member Types
You cannot add Unified groups to Security groups.
The Microsoft Graph API does not support adding users to:
- Mail-Enabled Security Groups
- Distribution Groups
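The restrictions above can be checked before a membership change is attempted. The following is an added example, not code from this plugin: it classifies groups by the Microsoft Graph group properties mailEnabled, securityEnabled and groupTypes, then applies the rules listed above. The function names and the sample objects are constructed for illustration, and treating a mail-enabled security group as an acceptable member is an assumption based on the note that such groups can be added to others.

```python
# Added example: pre-flight check for the group-type restrictions listed above.
# All objects below are constructed sample data, not real directory objects.

def classify_group(group: dict) -> str:
    """Map Microsoft Graph group properties to the group kinds named on this page."""
    if "Unified" in (group.get("groupTypes") or []):
        return "unified"                      # Microsoft 365 group
    mail = bool(group.get("mailEnabled"))
    security = bool(group.get("securityEnabled"))
    if security and not mail:
        return "security"
    if security and mail:
        return "mail_enabled_security"
    if mail:
        return "distribution"
    return "unknown"


def check_add_member(target: dict, member: dict) -> tuple:
    """Return (allowed, reason) for adding `member` to the group `target`."""
    target_kind = classify_group(target)
    if target_kind != "security":
        # Covers mail-enabled security and distribution groups as targets.
        return False, f"target is '{target_kind}', not a plain security group"
    if member.get("@odata.type") == "#microsoft.graph.user":
        return True, "user into security group"
    member_kind = classify_group(member)
    if member_kind == "unified":
        return False, "Unified groups cannot be added to Security groups"
    # Assumption: mail-enabled security groups may be nested as members.
    if member_kind in ("security", "mail_enabled_security"):
        return True, f"{member_kind} group into security group"
    return False, f"member is '{member_kind}', not a User or SecurityGroup"


# Constructed samples covering each group kind.
SEC = {"id": "sec-1", "mailEnabled": False, "securityEnabled": True, "groupTypes": []}
MES = {"id": "mes-1", "mailEnabled": True, "securityEnabled": True, "groupTypes": []}
DIST = {"id": "dist-1", "mailEnabled": True, "securityEnabled": False, "groupTypes": []}
M365 = {"id": "m365-1", "mailEnabled": True, "securityEnabled": False, "groupTypes": ["Unified"]}
USER = {"id": "user-1", "@odata.type": "#microsoft.graph.user"}

if __name__ == "__main__":
    for target, member in [(SEC, USER), (MES, USER), (DIST, USER), (SEC, M365), (SEC, MES)]:
        print(target["id"], "<-", member["id"], check_add_member(target, member))
```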
Output
Nothing is outputted by this action.
azure_ad.security_groups.create
Create a security group.
Minimum Plugin Version: 1.0.0
Mail-Enabled Security Groups
This action does not support mail-enabled security groups.
See here for more information.
Input
- client: an AzureClient
- display_name: a display name for the group
- description: optional group description (defaults to empty)
- owners: optional list of User IDs if setting owners (defaults to no owners)
- users: optional list of User IDs to add as members
- groups: optional list of SecurityGroup IDs to add as members
Supplying Groups as Members
You cannot add Unified (Microsoft 365) groups to Security groups.
Output
Nothing is outputted by this action.
azure_ad.security_groups.delete
Delete a security group.
Minimum Plugin Version: 1.0.0
Mail-Enabled Security Groups
This action does not support mail-enabled security groups.
See here for more information.
Input
- client: an AzureClient
- group_id: a SecurityGroup ID
Output
Nothing is outputted by this action.
azure_ad.security_groups.display
Display groups in a table.
The table will have the following columns:
- Display Name
- Description
Minimum Plugin Version: 1.0.0
Input
- text: the title of the table
- groups: any number of SecurityGroups
Output
Nothing is outputted by this action.
azure_ad.security_groups.get_all
Get all security groups.
Minimum Plugin Version: 1.0.0
Input
- client: an AzureClient
Output
A list of SecurityGroups.
azure_ad.security_groups.get_by_display_name
Get all security groups with the supplied display name.
Display names are not unique, so this action always outputs a list of security groups.
Minimum Plugin Version: 1.0.0
Input
- client: an AzureClient
- display_name: the SecurityGroup display name
Output
A list of SecurityGroups.
azure_ad.security_groups.get_by_id
Get the group with the supplied group ID.
Minimum Plugin Version: 1.0.0
Input
- client: an AzureClient
- group_id: the SecurityGroup ID
Output
A single SecurityGroup.
azure_ad.security_groups.get_groups
Get security groups directly in the supplied group.
Minimum Plugin Version: 1.0.0
Input
- client: an AzureClient
- group_id: a SecurityGroup ID
Output
A list of SecurityGroups.
azure_ad.security_groups.get_interactive
Allow the task operator to search for & select a Security Group interactively.
Minimum Plugin Version: 1.1.0
Input
- client: an AzureClient
Output
A single Security Group.
Automatic Wildcards
When using this action all provided search terms will have a wildcard appended.
azure_ad.security_groups.get_users
Get users directly in the supplied group.
Minimum Plugin Version: 1.0.0
Input
- client: an AzureClient
- group_id: a SecurityGroup ID
Output
A list of Users.
azure_ad.security_groups.remove_member
Remove a member from a group.
Members can be Users or SecurityGroups.
If the member is not already in the group, nothing will be modified & the action will succeed.
Minimum Plugin Version: 1.0.0
Input
- client: an AzureClient
- group_id: a SecurityGroup ID
- member_id: a User or SecurityGroup ID
Output
Nothing is outputted by this action.
azure_ad.security_groups.select
Display groups in a table & prompt the task operator to make a selection.
The table will have the following columns:
- Display Name
- Description
Minimum Plugin Version: 1.0.0
Input
- text: the title of the table
- groups: any number of SecurityGroups
- minimum: the minimum number of selections
- maximum: the maximum number of selections
Output
A Selection containing:
- total: the number of selected SecurityGroups
- all: a list of selected SecurityGroups
- first: the first selected SecurityGroup
azure_ad.security_groups.select_one
Display groups in a table & prompt the task operator to select one.
The table will have the following columns:
- Display Name
- Description
Minimum Plugin Version: 1.0.0
Input
- text: the title of the table
- groups: any number of SecurityGroups
Output
A single SecurityGroup.
azure_ad.security_groups.update
Update one or more attributes for a security group.
Minimum Plugin Version: 1.0.0
Mail-Enabled Security Groups
This action does not support mail-enabled security groups.
See here for more information.
Input
- client: an AzureClient
- group_id: the SecurityGroup ID
- attributes: a dictionary of attribute names & values to set
Valid Attributes
See this Microsoft article for a list of user attributes.
This action will fail if any invalid attributes are supplied.
Output
Nothing is outputted by this action.