Skip to content

CX-876 Clarify provisioning capabilities for Exchange groups #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mindymo merged 1 commit into from
Jan 26, 2026
+4 −7
Merged

CX-876 Clarify provisioning capabilities for Exchange groups #38

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 4 additions & 7 deletions baton/microsoft-entra.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ The Entra ID connector supports [automatic account provisioning and deprovisioni

When a new account is created by ConductorOne, the account's password will be sent to a [vault](/product/admin/vaults).

*Due to limitations of the Microsoft Graph API, the connector cannot provision Mail Enabled Security groups or Distribution groups.
*Due to limitations of the Microsoft Graph API and Office 365 Exchange Online API, the connector cannot provision Mail Enabled Security groups or Distribution groups using OAuth.

## Gather Entra ID credentials

Expand Down Expand Up @@ -144,13 +144,10 @@ Locate your new **ConductorOne** app.
</Steps>
**That's it!** Next, move on to the connector configuration instructions.

## Optional: Configure Exchange groups provisioning
## Optional: Configure Exchange groups provisioning with **Client secret** based auth

To set up the connector to support provisioning members to Exchange groups, which are distribution lists and mailed security groups, follow these steps:
To set up the connector to support provisioning owners and members to Exchange groups, which are distribution lists and mailed security groups, follow these steps:
Comment on lines +147 to +149
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Fix grammar and terminology issues.

  1. Line 147: Add hyphen to "secret-based" per compound modifier rules.
  2. Line 149: "mailed security groups" should be "mail-enabled security groups" to match the terminology used in line 24.
📝 Proposed fix 
-## Optional: Configure Exchange groups provisioning with **Client secret** based auth
+## Optional: Configure Exchange groups provisioning with **Client secret**-based auth

-To set up the connector to support provisioning owners and members to Exchange groups, which are distribution lists and mailed security groups, follow these steps:
+To set up the connector to support provisioning owners and members to Exchange groups, which are distribution lists and mail-enabled security groups, follow these steps:
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
## Optional: Configure Exchange groups provisioning with **Client secret** based auth
To set up the connector to support provisioning members to Exchange groups, which are distribution lists and mailed security groups, follow these steps:
To set up the connector to support provisioning owners and members to Exchange groups, which are distribution lists and mailed security groups, follow these steps:
## Optional: Configure Exchange groups provisioning with **Client secret**-based auth
To set up the connector to support provisioning owners and members to Exchange groups, which are distribution lists and mail-enabled security groups, follow these steps:
🧰 Tools
🪛 LanguageTool

[grammar] ~147-~147: Use a hyphen to join words.
Context: ...oups provisioning with Client secret based auth To set up the connector to s...

(QB_NEW_EN_HYPHEN)

🤖 Prompt for AI Agents 
In `@baton/microsoft-entra.mdx` around lines 147 - 149, Update the heading and
terminology: change the heading "Optional: Configure Exchange groups
provisioning with **Client secret** based auth" to use the compound modifier
"Client secret-based" and replace the phrase "mailed security groups" in the
same paragraph with the correct term "mail-enabled security groups" so
terminology matches line 24's usage; update the occurrences around the
"Configure Exchange groups provisioning" section and any related sentences
referencing mailed security groups to use "mail‑enabled security groups".


<Tip>
Note: Provisioning users as owners of Exchange groups is not supported; users can only be added as members.
</Tip>
<Steps>
<Step>
In the Microsoft Entra Admin Center, navigate to **App registrations** and click the name of the app you created for this connector.
Expand Down Expand Up @@ -194,7 +191,7 @@ Check **Permanently assigned** and add a justification, such as:
Click **Assign**.
</Step>
</Steps>
**That's it!** Your connector is now ready to allow the provisioning of users as members in Exchange groups.
**That's it!** Your connector is now ready to allow the provisioning of users as owners and members in Exchange groups.

## Configure the Entra ID connector

Expand Down