The ability to add other principals to an Azure security group
Abuse Info
Via the Azure portal:
- Find the group in your tenant (Microsoft Entra ID -> Manage -> Groups -> Find Group in list)
- Click the group from the list
- In the overview, click “View group memberships”
- At the top, click “Add memberships”
- Find the principals you want to add to the group and click them, then click “select” at the bottom
- You should see a message in the top right saying “Successfully added membership”
Via PowerZure:
Add-AzureADGroup -User [UPN] -Group [Group name]
Opsec Considerations
The Azure activity log for the tenant will log who added what principal to what group, including the date and time.
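The audit trail described above can be reviewed for unexpected membership changes. The following is an added example, not part of the original page or of PowerZure: it filters exported audit records for successful "Add member to group" events on watched groups. The record shape is assumed to follow Microsoft Graph directoryAudit entries, and the sample records, group name and approved-initiator list are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph directoryAudit records;
# all names and timestamps are made up. newValue is a JSON-quoted string.
SAMPLE = json.loads(r'''[
 {"activityDisplayName":"Add member to group","result":"success",
  "activityDateTime":"2024-01-10T09:15:00Z",
  "initiatedBy":{"user":{"userPrincipalName":"helpdesk@contoso.example"}},
  "targetResources":[{"type":"User","userPrincipalName":"alice@contoso.example",
   "modifiedProperties":[{"displayName":"Group.DisplayName","newValue":"\"Tier0-Admins\""}]}]},
 {"activityDisplayName":"Add member to group","result":"success",
  "activityDateTime":"2024-01-10T09:20:00Z",
  "initiatedBy":{"app":{"displayName":"iam-automation"}},
  "targetResources":[{"type":"User","userPrincipalName":"bob@contoso.example",
   "modifiedProperties":[{"displayName":"Group.DisplayName","newValue":"\"Tier0-Admins\""}]}]},
 {"activityDisplayName":"Add member to group","result":"failure",
  "activityDateTime":"2024-01-10T09:25:00Z",
  "initiatedBy":{"user":{"userPrincipalName":"helpdesk@contoso.example"}},
  "targetResources":[{"type":"User","userPrincipalName":"carol@contoso.example",
   "modifiedProperties":[{"displayName":"Group.DisplayName","newValue":"\"Tier0-Admins\""}]}]},
 {"activityDisplayName":"Update user","result":"success",
  "activityDateTime":"2024-01-10T09:30:00Z",
  "initiatedBy":{"user":{"userPrincipalName":"helpdesk@contoso.example"}},
  "targetResources":[{"type":"User","userPrincipalName":"dave@contoso.example"}]}
]''')

WATCHED_GROUPS = {"Tier0-Admins"}      # hypothetical sensitive groups
APPROVED_ADDERS = {"iam-automation"}   # hypothetical sanctioned initiators

def initiator(rec):
    by = rec.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def group_additions(records):
    """Yield (time, initiator, member, group) for each successful add."""
    for rec in records:
        if rec.get("activityDisplayName") != "Add member to group" or rec.get("result") != "success":
            continue  # other activities and failed attempts are skipped
        for tgt in rec.get("targetResources") or []:
            for prop in tgt.get("modifiedProperties") or []:
                if prop.get("displayName") == "Group.DisplayName":
                    member = tgt.get("userPrincipalName") or tgt.get("displayName") or tgt.get("id")
                    yield (rec["activityDateTime"], initiator(rec), member,
                           (prop.get("newValue") or "").strip('"'))

def unexpected_additions(records):
    return [e for e in group_additions(records)
            if e[3] in WATCHED_GROUPS and e[1] not in APPROVED_ADDERS]
```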
References
- https://powerzure.readthedocs.io/en/latest/Functions/operational.html#add-azureadgroup
- https://docs.microsoft.com/en-us/powershell/module/azuread/add-azureadgroupmember?view=azureadps-2.0-preview