AzureAD Protected Groups
Please provide the ability to have protected AzureAD groups which would have similar functionality to the Active Directory protect against accidental deletion function.
We've had a scenario were one of our service desk engineers deleted an AzureAD group by accident, this particular group was used as part of SCIM provisioning therefore all the users were deactivated from the downstream application.
This could potentially be tied into a custom role permission which would only have edit / modify permissions on groups
The product team is working on fine-tuned custom roles for groups to separate read and write permissions, which will help address this issue.