Self-Service Group Management
1h 41m

This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course is comprised of 24 lectures, including demos, and expertly instructed by one of our MS Azure subject matter experts.

Learning Objectives

  • Study and understand what Azure AD Domain Services do and what they can offer
  • Learn to create and manage hybrid identities via Azure AD Connect 
  • Understand the principles of Azure MFA and SSO, and how to enable them
  • Recognize and deploy the key principles of Azure AD B2B and B2C 
  • Learn and utilize Privileged Identity Management

Intended Audience

This course is intended for:

  • IT professionals who are interested in getting certified with MS Azure
  • Those looking to become Azure architects and/or tasked with designing identity management solutions


Prerequisites

  • A mid-range knowledge of MS Azure is recommended before starting this course
  • An understanding of identity management concepts

Related Training Content

For more courses related to MS Azure, visit our dedicated Content Training Library.





To further improve the end user experience, Azure AD offers the ability for users to create and manage their own security groups and Office 365 groups. In addition, users can also request security group memberships as well as Office 365 group memberships. In such cases, the owner of these groups can approve or deny their membership requests. By delegating group membership control, organizations can ensure that the people who best understand the business context for such memberships are the ones controlling group membership. It's important to note, however, that this feature applies only to security groups and Office 365 groups. It does not apply to mail-enabled security groups, nor does it apply to distribution lists.

There are essentially two flavors of self-service group management currently available. These include delegated group management and self-service group management.

An example of delegated group management would be a scenario where an organization uses a SaaS application whose access is managed by an administrator. As the company grows, access management becomes a bit cumbersome for the administrator to handle. To ease the burden of granting access and revoking access to the application, the administrator requests that the application owner create a new group. After the group has been created, the administrator assigns access to the application for the new group. He also adds all users who need access to the application to this group. Because the application owner created the group, he has the ability to add and remove users from it. Users added to the group are automatically granted access to the application, while users that are removed from the group have their access to the application revoked when they leave the group.

By delegating group membership management to the application owner, the application owner no longer needs to wait on the administrator to provide and revoke access to the application. Of course, the administrator would still be able to see who has access to the application, and he could block access as necessary.

A self-service group management example would be a scenario where an app owner manages an application. In order to grant a group of business users access to the application, the app owner creates a group in Azure AD, grants the group access to the application, and then enables self-service group management on the group. When a user in the organization needs access to the application, the user simply requests access to it from the Access Panel. When the request is approved, the user receives access to the application.
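The group-type restriction and the owner's approval role described above, as an added example that is not part of the course material: it reviews a constructed group export to show which groups self-service management covers and who holds delegated control of membership. The sample data, the `contoso.example` names, and the `group_kind` and `review` helpers are assumptions made for illustration; the property names (`mailEnabled`, `securityEnabled`, `groupTypes`) follow the Microsoft Graph group resource.

```python
import json

# Constructed sample shaped like a Microsoft Graph group listing with owners
# expanded; every name and address here is made up for illustration.
SAMPLE = json.loads("""
[
 {"displayName": "CRM-Users", "mailEnabled": false, "securityEnabled": true,
  "groupTypes": [], "owners": [{"userPrincipalName": "appowner@contoso.example"}]},
 {"displayName": "Project-X", "mailEnabled": true, "securityEnabled": false,
  "groupTypes": ["Unified"], "owners": []},
 {"displayName": "Finance-MESG", "mailEnabled": true, "securityEnabled": true,
  "groupTypes": [], "owners": [{"userPrincipalName": "fin@contoso.example"}]},
 {"displayName": "All-Staff-DL", "mailEnabled": true, "securityEnabled": false,
  "groupTypes": [], "owners": [{"userPrincipalName": "hr@contoso.example"}]}
]
""")

# Per the lecture, only these two kinds support self-service management.
SELF_SERVICE_KINDS = {"security", "office365"}

def group_kind(g):
    """Classify a group from its Graph properties (hypothetical helper)."""
    if "Unified" in g.get("groupTypes", []):
        return "office365"
    mail, sec = g.get("mailEnabled", False), g.get("securityEnabled", False)
    if sec and not mail:
        return "security"
    if sec and mail:
        return "mail-enabled-security"
    return "distribution-list" if mail else "unknown"

def review(groups):
    """One row per group: kind, eligibility, delegated owners, finding."""
    rows = []
    for g in groups:
        kind = group_kind(g)
        eligible = kind in SELF_SERVICE_KINDS
        owners = sorted(o["userPrincipalName"] for o in g.get("owners", []))
        if not eligible:
            finding = "not covered by self-service group management"
        elif not owners:
            finding = "eligible, but no owner to approve or deny requests"
        else:
            finding = "membership controlled by owners"
        rows.append({"group": g["displayName"], "kind": kind,
                     "eligible": eligible, "owners": owners, "finding": finding})
    return rows

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```
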

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.