SCCM – You can now synchronize your device collections as Azure AD groups

With the release of System Center Configuration Manager Current Branch 1906 (SCCM Current Branch), you can now synchronize your device collections to Azure Active Directory, allowing you to extend your on-premises grouping rules to the cloud.

This is a one-way process from SCCM to Azure AD; any membership updates made in Azure AD will not be reflected back to the SCCM collection.

Of course, the Azure AD group membership will contain only SCCM clients that also have a corresponding Azure AD device object.

To enable this feature, open your SCCM administration console, go to the Administration\Cloud Services\Azure Services workspace and edit your Cloud Management feature.

Then go to the Collection Synchronization tab and enable Azure Active Directory Group Sync.

Then you need to create a corresponding security group with assigned membership in Azure AD; the collection synchronization will not create a new group for you, it only manages the membership.

Then you can choose which collection(s) to synchronize to Azure AD: in your SCCM administration console, go to the Assets and Compliance\Device Collections workspace and locate the collection you want to sync to Azure AD. Open its properties and go to the AAD Group Sync tab to add the Azure AD group to sync with.

Then wait up to 10 minutes (usually between 5 and 7 minutes) and confirm that the Azure AD group membership has been updated with the device collection members.
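To check the result after the wait, the following added example (not part of the original post) classifies each device by comparing the collection, the Azure AD device objects and the group membership. The function name, the status labels, the sample device names and matching by device name are all assumptions made for illustration.

```powershell
# Added example. Compares three name lists and reports, per device, whether the
# one-way sync placed it in the Azure AD group. Matching is by device name
# (assumption) and is case-insensitive (-contains default behaviour).
function Compare-CollectionSync {
    param(
        [string[]]$CollectionMembers = @(),  # members of the SCCM device collection
        [string[]]$AadDevices        = @(),  # devices that have an Azure AD device object
        [string[]]$GroupMembers      = @()   # current members of the Azure AD group
    )
    foreach ($name in $CollectionMembers) {
        $status = if ($GroupMembers -contains $name) {
            'Synced'
        } elseif ($AadDevices -notcontains $name) {
            # Only clients with a corresponding Azure AD device object are synchronized.
            'NoAzureADDeviceObject'
        } else {
            # Has a device object but is not in the group: still within the
            # sync window, or worth investigating once 10 minutes have passed.
            'NotYetInGroup'
        }
        [pscustomobject]@{ Device = $name; Status = $status }
    }
    foreach ($name in $GroupMembers) {
        if ($CollectionMembers -notcontains $name) {
            # Present only on the Azure AD side; the sync is one-way, so this
            # membership is never reflected back to the SCCM collection.
            [pscustomobject]@{ Device = $name; Status = 'InGroupOnly' }
        }
    }
}

# Constructed sample data (hypothetical device names).
$collection = 'RMS-SRV01', 'RMS-SRV02', 'RMS-SRV03'
$aadDevices = 'rms-srv01', 'RMS-SRV02', 'LAB-PC07'
$group      = 'RMS-SRV01', 'LAB-PC07'

# In a live environment the lists could instead come from (assumption: run from
# the ConfigMgr site drive, with the AzureAD module connected):
#   (Get-CMCollectionMember -CollectionName '<collection name>').Name
#   (Get-AzureADDevice -All $true).DisplayName
#   (Get-AzureADGroupMember -ObjectId '<group object id>' -All $true).DisplayName

Compare-CollectionSync -CollectionMembers $collection -AadDevices $aadDevices -GroupMembers $group |
    Format-Table -AutoSize
```

Groups populated this way are often referenced by cloud-side policies, so an unexpected `InGroupOnly` or a persistent `NotYetInGroup` entry is worth reviewing before relying on the group.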

Below is a before-and-after example for an Azure AD group called “All Azure AD RMS Management Systems”.
