
I want to assign Azure Active Directory groups to an Azure Active Directory role. But if I open e.g. the role "Directory Readers" and click on "Add Assignment" I can only choose Azure Active Directory users but no groups.

How can I assign an Azure Active Directory group to an Azure Active Directory role?

Thank you in advance!

Best regards, Matthias

1 Answer


I'm afraid you cannot assign an Azure Active Directory group to an Azure Active Directory role, in either the portal or PowerShell.


Here is a workaround: get the members of the group first, then loop over the members and assign each of them to the role.

# Requires the AzureAD PowerShell module and a signed-in session
Connect-AzureAD

# Get every member of the group (-All avoids the default page limit)
$members = Get-AzureADGroupMember -ObjectId {object id of group} -All $true

# Add each member to the (already activated) Directory Readers role
Foreach ($member in $members) {
    Add-AzureADDirectoryRoleMember -ObjectId {object id of directory reader role} -RefObjectId $member.ObjectId
}

If the group itself contains a nested group, the assignment will fail when it tries to add that inner group to the role.
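The workaround above is a one-shot copy of the group membership, and it stops on nested groups. The following is an added example, not code from the answer or from Microsoft, that handles both points with the same AzureAD module: it expands nested groups recursively (tracking visited group IDs so a membership loop cannot recurse forever), activates the role from its template if it has not been used in the tenant yet (Get-AzureADDirectoryRole only returns activated roles), and skips principals that already hold the role so the script can be re-run safely. The group object ID is a placeholder you must replace, and the script assumes an existing Connect-AzureAD session with rights to manage role membership.

```powershell
# Added example (not from the original answer). Assumes: AzureAD module loaded,
# Connect-AzureAD already run, and $GroupObjectId replaced with a real group ID.
$GroupObjectId   = '00000000-0000-0000-0000-000000000000'   # placeholder
$RoleDisplayName = 'Directory Readers'

# Recursively yield the non-group members (users, service principals) of a group.
# $Visited prevents infinite recursion when groups are nested in a cycle.
function Get-NestedGroupMember {
    param(
        [string]$GroupId,
        [System.Collections.Generic.HashSet[string]]$Visited
    )
    if (-not $Visited.Add($GroupId)) { return }   # already expanded this group
    foreach ($m in Get-AzureADGroupMember -ObjectId $GroupId -All $true) {
        if ($m.ObjectType -eq 'Group') {
            Get-NestedGroupMember -GroupId $m.ObjectId -Visited $Visited
        } else {
            $m
        }
    }
}

# Directory roles appear in Get-AzureADDirectoryRole only after activation;
# activate from the role template if this tenant has never used the role.
$role = Get-AzureADDirectoryRole -Filter "displayName eq '$RoleDisplayName'"
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object DisplayName -eq $RoleDisplayName
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
}

# Snapshot current role holders so re-running the script does not error on duplicates.
$existing = @{}
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    ForEach-Object { $existing[$_.ObjectId] = $true }

$visited = [System.Collections.Generic.HashSet[string]]::new()
foreach ($member in Get-NestedGroupMember -GroupId $GroupObjectId -Visited $visited) {
    if ($existing.ContainsKey($member.ObjectId)) {
        Write-Host "Skipping $($member.DisplayName): already in $RoleDisplayName"
        continue
    }
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $member.ObjectId
    Write-Host "Added $($member.DisplayName) ($($member.ObjectType)) to $RoleDisplayName"
}
```

Two caveats for anyone using this in practice. First, the script only adds: a user removed from the group later keeps the role until something removes it, so either run it on a schedule with a matching removal pass or review Get-AzureADDirectoryRoleMember regularly. Second, nested expansion also pulls in service principals that are group members, which may be more than you intended to grant a directory role; filter on ObjectType if only users should receive it.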