BG Beter Geregeld ICT
Microsoft 365 & Entra ID · 2 min leestijd · 23 December 2025

Entra security groups as access profiles in your IAM tool

Already using security groups in Entra ID for SharePoint permissions? You can use those groups one-to-one as AccessProfiles — no duplicate work required.

If you're using M365 properly, you already have security groups — per role, per project, per team. You can put those groups to work directly as RBAC roles in your access management tool.

The pattern

  1. Your AccessGuard tool connects to Entra via OAuth (delegated User.Read.All + Directory.Read.All).
  2. The tool pulls security groups nightly.
  3. Each group becomes an AccessProfile.
  4. Members of the group become members of the profile.
  5. Changes in Entra → next sync → automatically processed in AG.

Which groups work well?

  • Role groups ("Sales Team", "Engineering", "HR").
  • Security groups for SharePoint sites.
  • Conditional Access target groups.

Not suitable

  • M365 Groups (these are for Teams membership, not for IAM).
  • Dynamic groups with complex rules — for IAM, explicit membership is preferred.
  • Groups containing guests (those belong in a separate guest review).

Apply to members

Link each AccessProfile to the systems and items that belong to it. With a single click of "apply", every member of the group is added to systems X, Y, and Z with the correct state. See birthright access for how to combine this.

See also: M365 pillar, RBAC.

Onderwerpen

#iam #entra-id #security-groups #directory-sync

Volledige gids: Gobernanza de Microsoft 365 para pymes — pragmática, no perfeccionista

Dit artikel is onderdeel van onze uitgebreide Microsoft 365 & Entra ID-gids. Lees de pillar voor het complete plaatje.

Lees de pillar →

Verwant leesmateriaal

Microsoft 365 & Entra ID

Microsoft 365 governance for SMBs — pragmatic, not perfectionist

M365 is the largest piece of SaaS in most SMBs. This guide walks through the governance layers — identity, licensing, MFA, Conditional Access, data, retention — covering what's truly essential and what can wait.

2 min
Offboarding

Watertight Offboarding in 12 Steps

Someone is leaving. In SMEs, this is where most data breaches begin. Here is a checklist that covers what you actually need to do — with deadlines, owners, and pitfalls.

2 min
Toegangsbeheer

Access Management for SMBs: The Complete Guide (2026)

From your first access matrix to periodic reviews and directory sync — everything you need to know when your business grows beyond 10 people but you don't have an IT department yet.

3 min
Offboarding

Onboarding–offboarding parity: the best test for your IAM

If onboarding does something, offboarding should undo it. When that parity breaks down, orphaned accounts pile up — often going unnoticed for years.

2 min
Toegangsbeheer

Giving external parties access without leaving the door wide open

Consultant, accountant, freelance dev, partner company. All people who aren't employees but still need access to something. Here's a pattern that works — without ending up with 47 ghost accounts two years down the line.

2 min
Toegangsbeheer

Access matrix vs. RBAC: what fits your growth stage?

A direct matrix (person × system) works up to around 30 employees. After that, you go role-based. Here's when to make the switch — and how to do it without a big bang.

2 min
← Alle artikelen in "Microsoft 365 & Entra ID"