How can we improve Azure Active Directory?

Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

A lot of organizations use nested groups in on-premise AD. Synchronizing these groups to Azure AD has no value today, but the group itself has value on-premise.
Creating a new group in AD with only users and then synchronizing it to Azure AD creates extra administration for administrators and confusion for end users.

Dynamic Groups in Azure AD as of today don’t have support for “Member Of” or similar, hence don’t solve the problem.

Adding nested groups to Azure AD would add a lot of value to Azure AD.

1,006 votes

Michael shared this idea

115 comments

  • Anonymous commented

    Despite constant votes for this and comments over the last few months we continue to be ignored by the Azure AD Team...

  • Olivier Lauzon commented

    This feature is the cornerstone of a good RBAC system and needs to be implemented ASAP as working around it is a pain and really redundant.

    Could you please update us with an ETA for this feature?

    Thank you

  • Anonymous commented

    Same as the others...not having this feature makes migration to AAD more complex than it should be. Concerning that it wasn't there from the start.

  • Ed Hirst commented

    Concerning that this has taken so long to get started and wasn't there from the beginning.
    Luckily we are just designing our RBAC structure so can work around this, but given how many apps we have and are integrated with Azure this negates one of the biggest benefits of RBAC.

  • Anonymous commented

    Can Microsoft please put priority on this? We are trying to move apps from ADFS to Azure and this is a roadblock.

  • LynnG commented

    Hitting this issue as well. This is something everyone will need.

  • Tim McLaughlin commented

    Yes, please! We are using AAD more and more via SAML and OAuth, and users are asking for the ability to use their existing group structures.

  • Denis Bogunic commented

    I'd like to throw my hat in here and second everything mentioned below. This is really a critical omission and needs to get sorted ASAP.

    Any ETA?

  • P Pelzer commented

    The concept of inheritance has been around for ages and is part of old ADs... why not in AAD? It works for SharePoint and such but not for apps, which is just ridiculous! Please MS, make this work.
