To create a group named “Audit” and ensure that its members can activate the Security Reader role, follow these steps:
Open the Microsoft Entra admin center:
Sign in with an account that has the Security Administrator or Global Administrator role.
Navigate to Groups:
Go toTeams & groups>Active teams and groups1.
Create the security group:
Select Add a security group.
On the Set up the basics page, enter “Audit” as the group name.
Add a description if necessary and chooseNext1.
Edit settings:
On theEdit settingspage, select whether you want Microsoft Entra roles to be assignable to this group and selectNext1.
Assign roles:
After creating the group, go to Roles > All roles.
Find and select the Security Reader role.
Under Assignments, choose Assign.
Select the “Audit” group to assign the role to its members2.
Review and finish:
Review the settings to ensure the “Audit” group is created with the ability for its members to activate the Security Reader role.
Finish the setup and save the changes.
By following these steps, you will have created the “Audit” group and enabled its members to activate the Security Reader role, which allows them to view security-related information without having permissions to change it. Remember to communicate the new group and role assignment to the relevant stakeholders in your organization.
