Add/remove entitlement functionality was working when we tried provisioning for an Azure-only group (created directly in AAD and not available in AD). For an AD group which was synced to Azure, if we try to provision directly to the Azure group, this functionality is not working for me.
Thanks for your message. I think you are right, because I checked with someone who has global admin privileges in Azure AD, and that person also could not add/remove users directly in Azure.
Hi @jishnu_suresh, I checked the groups and they only exist in Azure AD, so this is not the same case for us. Do you have any other idea what might be causing this?
Thanks both. All the required permissions were already added. Plus, we granted Exchange Online Administrator. It does not fix the problem unfortunately. We are able to provision security groups but it does not work for Distribution Lists or Mail Enabled Security groups.
Looks like Microsoft long ago removed the ability to manage distribution lists and mail-enabled security groups, which affects provisioning from SailPoint.
I think by supported operations, they would have meant that the Exchange Online mailboxes, distribution lists, and mail-enabled security groups could be managed by the Exchange Online PowerShell module through IQService.
I guess this is not explicitly mentioned in the official document. Maybe you can raise this as feedback to the Docs Team for a clear explanation.
Thanks for your explanation, but I think it’s clear that these groups can be supported via the OOTB connector. The prerequisite to manage these groups is to install Exchange Online Module 3.0.0 on the IQService host, which we already did. And I see a lot of discussions about EXO mail-enabled security group provisioning on SailPoint community or developer pages. But thanks anyway, I will raise a ticket for this or reach out to the Docs team. Do you know how to contact them?
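
The two cases raised in this thread (groups synced from on-premises AD, and distribution lists or mail-enabled security groups) can be told apart from the Microsoft Graph group properties `mailEnabled`, `securityEnabled`, `groupTypes` and `onPremisesSyncEnabled`. The following is an added example, not code from any poster or from SailPoint; the function names, path labels and sample records are assumptions constructed for illustration.

```python
# Added example: triage group records before provisioning membership changes.
# Input dicts mirror Microsoft Graph group objects; sample data is constructed.

def classify_group(g):
    """Return (group_kind, management_path) for one Graph group object."""
    unified = "Unified" in (g.get("groupTypes") or [])
    mail = bool(g.get("mailEnabled"))
    sec = bool(g.get("securityEnabled"))
    if unified:
        kind = "microsoft365"
    elif mail and sec:
        kind = "mail_enabled_security"
    elif mail:
        kind = "distribution_list"
    elif sec:
        kind = "security"
    else:
        kind = "unknown"
    # Synced groups are mastered on-premises: membership must change in AD.
    if g.get("onPremisesSyncEnabled"):
        return kind, "on_prem_ad"
    # Mail-enabled groups need Exchange Online PowerShell (via IQService here).
    if kind in ("mail_enabled_security", "distribution_list"):
        return kind, "exchange_online_powershell"
    if kind in ("security", "microsoft365"):
        return kind, "graph"
    return kind, "manual_review"

def triage(groups):
    """Map each group's displayName to its required management path."""
    return {g["displayName"]: classify_group(g)[1] for g in groups}

# Constructed sample records (not real tenant data).
SAMPLE_GROUPS = [
    {"displayName": "cloud-sec", "mailEnabled": False, "securityEnabled": True,
     "groupTypes": [], "onPremisesSyncEnabled": None},
    {"displayName": "synced-sec", "mailEnabled": False, "securityEnabled": True,
     "groupTypes": [], "onPremisesSyncEnabled": True},
    {"displayName": "all-staff-dl", "mailEnabled": True, "securityEnabled": False,
     "groupTypes": [], "onPremisesSyncEnabled": None},
    {"displayName": "finance-mesg", "mailEnabled": True, "securityEnabled": True,
     "groupTypes": [], "onPremisesSyncEnabled": None},
]

if __name__ == "__main__":
    for name, path in triage(SAMPLE_GROUPS).items():
        print(f"{name}: {path}")
```
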