Managing Groups

A "Managed Group" is an Entra ID security boundary governed by PAM-Pro infrastructure. Rather than leaving individuals as permanent members of high-risk groups, PAM-Pro removes all members and manages membership dynamically.

Ingesting Existing Groups

  1. Navigate to Discovery > Entra Catalog.
  2. The engine will automatically reveal high-risk orphaned groups (e.g., "Domain Admins [Legacy]").
  3. Select the target group and click Enable Governance.

The Conversion Process

When you place a group under control, PAM-Pro automatically initiates a transition phase:

  • All permanent assignments are demoted.
  • Those members are granted "Eligible" status.
  • Continuous scanning ensures that out-of-band additions made manually in the Azure Portal are automatically reverted and raise an alert.
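
To verify independently that out-of-band additions are being caught, the Entra ID audit log can be checked for "Add member to group" events on governed groups that were not initiated by the governing identity. The following is an added example, not PAM-Pro code: the function names, the group and service principal IDs, and the audit records (constructed, simplified entries in the shape of Microsoft Graph directoryAudit records) are all assumptions.

```python
# Flag "Add member to group" events on governed groups not made by the governing identity.
GROUP_ID = "11111111-aaaa-4aaa-8aaa-000000000001"   # placeholder: governed group object ID
PAM_SP_ID = "22222222-bbbb-4bbb-8bbb-000000000002"  # placeholder: assumed PAM service principal ID

def event(when, group_id, member_upn, app_id=None, user_upn=None):
    """Build a constructed, simplified record shaped like a Graph directoryAudit entry."""
    return {
        "activityDisplayName": "Add member to group",
        "activityDateTime": when,
        "initiatedBy": {
            "app": {"servicePrincipalId": app_id} if app_id else None,
            "user": {"userPrincipalName": user_upn} if user_upn else None,
        },
        "targetResources": [{"type": "User", "userPrincipalName": member_upn},
                            {"type": "Group", "id": group_id}],
    }

# Constructed sample data: one governed addition, one manual addition, one unrelated group.
SAMPLE_EVENTS = [
    event("2024-05-01T09:00:00Z", GROUP_ID, "alice@example.com", app_id=PAM_SP_ID),
    event("2024-05-01T09:30:00Z", GROUP_ID, "bob@example.com", user_upn="admin@example.com"),
    event("2024-05-01T10:00:00Z", "33333333-cccc-4ccc-8ccc-000000000003",
          "carol@example.com", user_upn="admin@example.com"),
]

def out_of_band_additions(events, managed_groups, pam_sp_id):
    """Return additions to managed groups made by anyone except pam_sp_id."""
    findings = []
    for ev in events:
        if ev.get("activityDisplayName") != "Add member to group":
            continue
        targets = ev.get("targetResources") or []
        group = next((t for t in targets
                      if t.get("type") == "Group" and t.get("id") in managed_groups), None)
        if group is None:
            continue  # not a governed group
        initiator = ev.get("initiatedBy") or {}
        app = initiator.get("app") or {}
        if app.get("servicePrincipalId") == pam_sp_id:
            continue  # expected: addition performed by the governing identity
        user = initiator.get("user") or {}
        actor = user.get("userPrincipalName") or app.get("servicePrincipalId") or "unknown"
        for t in targets:
            if t is not group:  # every other target is a member that was added
                findings.append({"when": ev.get("activityDateTime"), "group": group["id"],
                                 "member": t.get("userPrincipalName") or t.get("id"),
                                 "actor": actor})
    return findings
```

Calling `out_of_band_additions(SAMPLE_EVENTS, {GROUP_ID}, PAM_SP_ID)` returns only the manual addition of bob@example.com by admin@example.com.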
