In Azure AD what is the minimum privilege necessary to give a Guest Inviter the ability to add the invitees to groups?

Question

As a Global administrator role, when I add a Guest User to the tenant, the UI allows me to add the invitee to groups.

However, as a Guest Inviter role, it does not allow me to do this.

So, what is the minimum privileged configuration that I need to give my "project manager people" the ability to add guest users and associate them with specific groups?

Answer 1

I'm still trying to determine how they can get that specific groups box in the invite window to appear for normal users, not sure that possible. However, to answer your question. As long as those PM people are "owners" of those groups in question, they will have the ability to add the guests to those groups. although its 1-2 extra steps. they would have to go to Groups instead of Users, click on the group they want and click add member. that's basically the only way to limit them to be able to add members to certain groups. To make it easier to manage, I would create something like a PM Owner Group manage the membership of that group, then add that group to all the other groups you want those set of users to be able to add guests/members to.

But if you absolutely need the little group section as part of the invite window, my fear is it may need more permissions than you should ever give to a PM. However I will update if I find the exact permission.