Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure AD Group Base Licensing

Iron Contributor

Wanting to move to Group base licensing; however, Azure AD having issues reading the membership from a MIM manage mail enable security group.


I have a MIM group with a mail nickname "GROUP_NAME" and the Dynamic Membership Rule ((user.accountEnabled -eq True) -and user.mailNickName -eq "GROUP_NAME"). It's been over a week and still no members.

 

This MIM mail enable security group has four levels of nested groups, this group sync to Azure using one version behind the lastest version of Azure AD Connect.

 

Question: Does a Azure AD Dynamic Group using Dynamic Membership Rule have an issue reading nested groups?

 

Thank You,

-Larry

1 Reply

Hi Larry,

 

Your suspicion is correct - at this time, Azure AD group-based licensing does not support nested groups:  Azure AD group-based licensing limitations and known issues

 

It looks like they are working on it as it is a requested change on User Voice, but never hurts to upvote to let them know you still care!  :)