Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

A lot of organizations use nested groups in on-premise AD. Syncronizing these groups to Azure AD have no value today. But the group itself have value on-premise
Creating new group in AD with only users and then synchronize it to Azure AD creates extra administration for administrators and confusion for end-users.

Dynamic Groups in Azure AD as of today don’t have support for “Member Of” or similar hence don’t solve the problem.

Adding nested groups to Azure AD would add a lot of value to Azure AD.

2,647 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Michael shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
started  ·  AdminAzure AD Team (Admin, Microsoft Azure) responded  · 

We’re currently evaluating an option that will provide the functionality offered by nested groups, but removes the complexity nested groups adds. We appreciate your patience on this ask and want to ensure we deliver a solution that benefits all of our customers. Below are use cases that we’d like for you to stack rank, with #1 being priority for you. We thank you for the continued comments and feedback.

Use case A: nested group in a cloud security group inherits apps assignment
Use case B: nested group in a cloud security group inherits license assignment
Use case C: nesting groups under Office 365 groups

Show previous admin responses (4)

518 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Juha Järvenpää commented  ·   ·  Flag as inappropriate

    1) Use case C: nesting groups under Office 365 groups
    2) Use case A: nested group in a cloud security group inherits apps assignment
    3) Use case B: nested group in a cloud security group inherits license assignment

  • Anonymous commented  ·   ·  Flag as inappropriate

    It would be helpful if you could improve with the following priorities:
    1) A
    2) B
    3) C

  • sara021 commented  ·   ·  Flag as inappropriate

    I can see that in Azure AD groups that i can add group membership to a group, isn't that nesting of groups?

    1) B
    2) C
    3) A

  • Stephan commented  ·   ·  Flag as inappropriate

    @Admin Seriously? Almost 5 years after opening the ticket, you're still at "evaluating an option" for something that obvious? Hasn't got any a bit large company at least an Offices / Countries AD-structure that makes it at least 2 levels? ...

  • Arthur Vlachos commented  ·   ·  Flag as inappropriate

    Use Case A as this is the structure we have implemented in our environment and synchronized via AD Connect.

  • Anonymous commented  ·   ·  Flag as inappropriate

    1 - Use case A: nested group in a cloud security group inherits apps assignment
    2 - Use case B: nested group in a cloud security group inherits license assignment
    3 - Use case C: nesting groups under Office 365 groups

  • ADM - Fuchs, Michael commented  ·   ·  Flag as inappropriate

    Use case B: nested group in a cloud security group inherits license assignment
    Use case C: nesting groups under Office 365 groups
    Use case A: nested group in a cloud security group inherits apps assignment

  • Josh Turnbull commented  ·   ·  Flag as inappropriate

    I've just been able to authenticate a member of a nested group to a workspace in Power BI. The group was sourced from on premise AD. Does this mean nested groups are now supported in Azure AD? I can't find any announcements about this?

  • nope commented  ·   ·  Flag as inappropriate

    So one year on from your "Testing" and still this is not implemented. Basic features like this missing is what is holding AAD back, the current upper management team should be fired if after 5 years, of which one was spent "testing" this is still not supported, but hay teams has a slightly different UI now, WOW!

    A,B,C

  • FM commented  ·   ·  Flag as inappropriate

    Please add this option especially if you want people to move to using Azure AD totally or mostly for SSO when you have hundreds of users in various groups to add.

← Previous 1 3 4 5 25 26

Azure Active Directory: SaaS Applications

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice