Create the Entra Security Groups

SPARK requires the creation of three Entra security groups to manage access to the SPARK application and resources.

Early in the process, engage the customer and their stakeholders in a discussion about group membership.

The groups required by SPARK are:

| Name | Description | Type | Members |
|---|---|---|---|
| SPARK System Admins | SPARK Service Administrators & Installers | Security | The group who will create/manage the Azure services used by this toolkit. This should be the administrators who will be granted the Owner or Contributor RBAC role on the resource group in which SPARK is deployed. |
| SPARK Management Admins | SPARK (SPO) Tenant Admins & Approvers | Security | The Management Admins who are responsible for managing the SPARK program. This will likely be the SPO Administrators, or appropriate staff with delegated management rights within SPO. |
| SPARK Site Owners | Site Admins and Owners | Security | All SharePoint/Teams site owners and site collection administrators identified by the SPARK application will automatically be added to this group. Do not configure the membership of this group. |

You can modify the names of these groups to meet your organization’s requirements.

The members of the SPARK Management Admins group will be granted Full Access to the Shared Mailbox created in the Exchange Shared Mailbox section of this guide.


Requirements

An Entra administrator will be required for this step. At minimum the installer must have:

  • Access to the Microsoft Entra admin center
  • Groups Administrator role
  • A discussion with the customer about who should be notified and have access to these groups

Steps to complete:

Step 1: Create the Entra Groups

In this step, you will create the three Entra groups that grant admins and users access to the SPARK components they need.

  1. Sign in to the Microsoft Entra admin center.

     Use the correct URL for your environment:

     Worldwide (Commercial) & GCC: https://entra.microsoft.com
     GCC-High and DoD: https://entra.microsoft.us

  2. Select Groups from the left navigation.

  3. Click on New group from the top navigation

  4. In the Group Type field, select Security

  5. Type in the Group Name (Suggested group names listed below for reference)

     SPARK GROUP NAMES

     SPARK System Admins
     SPARK Management Admins
     SPARK Site Owners

  6. Enter a Group Description (if desired)

  7. Under Microsoft Entra roles, select No

  8. Under Membership type, select Assigned

  9. Leave the Owner field blank, or add yourself as the owner if desired. You can always add additional owners later.

  10. Under Members, select No members selected.

  11. In the flyout that appears on the right, search for and select the appropriate users to add to the group. You can always add additional members later.

  12. Click on Select at the bottom of the flyout to save your selections

  13. Click on Create


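📎 Repeat the above steps to create the SPARK Management Admins group.

📎 Repeat the above steps to create the SPARK Site Owners group, but do not select any members; the SPARK application adds site owners to this group automatically.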
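The same three groups can be created and checked from a script. This is an added example, not part of the SPARK toolkit or the original guide; it assumes the Microsoft Graph PowerShell module is installed, and the $Environment parameter and the mailNickname values are constructed for illustration.

```powershell
# Added example; not part of the SPARK toolkit. Requires the Microsoft.Graph module.
param(
    # Global = Worldwide (Commercial) & GCC; USGov = GCC-High; USGovDoD = DoD
    [ValidateSet('Global', 'USGov', 'USGovDoD')]
    [string]$Environment = 'Global'
)

Connect-MgGraph -Environment $Environment -Scopes 'Group.ReadWrite.All'

# Names and descriptions come from the table in this guide.
# Nick values are constructed: Graph requires a mailNickname even for non-mail groups.
$groups = @(
    @{ Name = 'SPARK System Admins';     Nick = 'spark-system-admins';     Description = 'SPARK Service Administrators & Installers' }
    @{ Name = 'SPARK Management Admins'; Nick = 'spark-management-admins'; Description = 'SPARK (SPO) Tenant Admins & Approvers' }
    @{ Name = 'SPARK Site Owners';       Nick = 'spark-site-owners';       Description = 'Site Admins and Owners' }
)

foreach ($g in $groups) {
    # Reuse an existing group so a rerun does not create duplicates.
    $group = Get-MgGroup -Filter "displayName eq '$($g.Name)'" | Select-Object -First 1
    if (-not $group) {
        # Security group, assigned membership (no 'DynamicMembership' group type).
        # isAssignableToRole is left at its default of false ("Microsoft Entra roles: No").
        $group = New-MgGroup -BodyParameter @{
            displayName     = $g.Name
            description     = $g.Description
            mailNickname    = $g.Nick
            mailEnabled     = $false
            securityEnabled = $true
        }
    }

    # Read the group back and report the settings the portal steps call for.
    $check = Get-MgGroup -GroupId $group.Id -Property 'id,displayName,securityEnabled,groupTypes,isAssignableToRole'
    [pscustomobject]@{
        Group          = $check.DisplayName
        Security       = $check.SecurityEnabled
        Assigned       = $check.GroupTypes -notcontains 'DynamicMembership'
        RoleAssignable = [bool]$check.IsAssignableToRole
        # SPARK Site Owners should show 0 here at install time.
        Members        = @(Get-MgGroupMember -GroupId $group.Id -All).Count
    }
}
```

Members of the two admin groups are still added as agreed with the customer; the script deliberately leaves all three groups empty.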

Continue to creating the Shared Mailbox