Medium

Groups without owners

Identifies Microsoft 365 groups and security groups without assigned owners.

Category: Identity
Default severity: Medium
Rule key: CHECK_GROUPS_WITHOUT_OWNERS
Last updated: February 20, 2026

How to fix it

Assign at least one owner to every group. Groups without owners cannot be managed effectively and pose a governance risk.

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

Directory.Read.All
Group.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →