cipp_create_group
Create a group in a Microsoft 365 tenant for RBAC, Conditional Access, or mail distribution. Operation is reversible by deleting the group.
Instructions
⚠ HIGH-IMPACT. Creates a new group in the tenant, which can be used for security policy assignments (RBAC, Conditional Access) or mail distribution. Reversible by deleting the group. Confirm with the user before invoking.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| description | No | Optional free-text description of the group purpose. | |
| displayName | Yes | Human-readable name for the new group. | |
| mailEnabled | No | When true, the group is mail-enabled and can receive email. Required for Microsoft 365 groups. | |
| mailNickname | No | The mail alias used as the local part of the group email address (e.g. "finance-team" for finance-team@contoso.com). Required when mailEnabled is true. | |
| tenantFilter | Yes | Tenant domain name or ID to scope the operation. Use 'allTenants' to target every managed tenant. | |
| securityEnabled | No | When true, the group can be used for security policy assignments (RBAC, Conditional Access, etc.). |