Groups (Admin)

The Groups tab mirrors the Users tab for Entra security groups. Every group discovered by the connector is listed here with member count and group type, ready to be referenced from a visibility list, an agent group, or an admin-access policy.

Groups table with one row per synced Entra group — name, members, type, status, and reconcile control

Layout

The page header carries the section title and the Admin Access chip; the tab strip puts you on Groups. The description line confirms what is on display: "Browse synced Entra ID security groups."

Two header buttons sit above the table:

  • Force reconcile — re-run the group membership sync against Entra and update every row. Useful right after a membership change you cannot afford to wait for the scheduled sync.
  • Refresh — reload the table from the InfraScout cache.

A Show deleted toggle and a free-text search live above the table. The total count (N groups) reflects the active filter.

Table

Each row carries:

  • Group — display name with the group icon, plus a description sub-line where Entra has one.
  • Members — count of users in the group right now.
  • Type — chip for the Entra group type (Security, Mail-enabled, Microsoft 365).
  • Status — chip in the rightmost column (Click row hover affordance).
  • Action — context menu (view members, view dependent visibility lists).

What the data is for

The same three things as users — visibility lists, audit attribution, agent group targeting — except groups apply to every member at once. Granting "AdminAgents" visibility on a tool group is the most efficient way to keep the access policy in sync with HR-driven membership changes.

Force reconcile vs. refresh

The two buttons look similar but do different things. Refresh rerenders the table from the cache InfraScout already has — fast, never makes a Microsoft Graph call. Force reconcile issues a fresh Graph query for every group's members, updates the cache, and then refreshes the table. Reconcile is the right choice after a membership change in Entra you need to honor immediately; refresh is for clearing visual state.

The scheduled background sync (configured on the Connectors tab) handles the steady-state churn — you should not need to reconcile manually except when investigating an access incident.

Show deleted

Like the Users tab, soft-deleted groups stay visible behind the Show deleted toggle for audit retention. They are never used for new visibility checks; they exist only to keep historical attribution sensible.