Does SharePoint Online Cache members of Azure AD Groups

Frequent Contributor

Hi, and thanks for starting this forum!

We have an azure AD security group called ‘PowerApps-GCC-AM Control Group’ (ID is c2e5e562-3851-4417-a743-8b71fc43ecb6) .

 

The AD Group has directly been  given READ permission to a SharePoint Online list called Global Complaints Webform.

 

A user (some.user@tenant.onmicrosoft.com) was in the AD Group previously but has been removed from the group (over a day ago).

 

When I check the users permission on the list SharePoint still thinks the user is in that group:

 

sec.png

 

If the user browses to the list he can view the content of the list.

 

So it seems that SharePoint is caching the members of the AD Group somewhere.

 

Does anyone have any idea how to resolve this issue, or how this caching is done?

1 Reply
Not sure if this is still the case, but I recall in the past folks had similar issues when using AD groups on prem, where changing group membership wouldn't update ACLs in SharePoint. I don't know the solution off the top of my head, but if you'd search for the similar problem but then based on local AD, you might find a workable solution.