Forum Discussion
Azure AD Group Base Licensing
Wanting to move to Group base licensing; however, Azure AD having issues reading the membership from a MIM manage mail enable security group.
I have a MIM group with a mail nickname "GROUP_NAME" and the Dynamic Membership Rule ((user.accountEnabled -eq True) -and user.mailNickName -eq "GROUP_NAME"). It's been over a week and still no members.
This MIM mail enable security group has four levels of nested groups, this group sync to Azure using one version behind the lastest version of Azure AD Connect.
Question: Does a Azure AD Dynamic Group using Dynamic Membership Rule have an issue reading nested groups?
Thank You,
-Larry
1 Reply
Hi Larry,
Your suspicion is correct - at this time, Azure AD group-based licensing does not support nested groups: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-group-advanced#limitations-and-known-issues
It looks like they are working on it as it is a https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15718164-add-support-for-nested-groups-in-azure-ad-app-acc, but never hurts to upvote to let them know you still care! :)
