As you may already be aware, Azure AD provides a capability to create dynamic groups of users or devices.
Good news: you can now also reference other groups so that their members become members of such a dynamic group.
This feature is currently in preview and there are a few limitations:
- The MemberOf attribute is not yet available in the query builder; you have to enter the rule manually, using either:
  user.memberof -any (group.objectId -in ['groupId', 'groupId']) for a user dynamic group
  device.memberof -any (group.objectId -in ['groupId', 'groupId']) for a device dynamic group
- There is a limit of 500 dynamic groups using the MemberOf attribute, with a member quota of 5000
- Each dynamic group can reference up to 50 other groups
- Only direct members of a security group can become members of the dynamic group
- You can now reference other dynamic groups
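
Because the rule has to be typed by hand, here is a small helper, added as an example and not taken from Microsoft tooling, that builds the rule from a list of group object IDs and lints a hand-typed one against the 50-group limit above. The function names and sample IDs are made up, and it assumes the rule must use plain ASCII single quotes around each ID.

```python
import re
import uuid

MAX_REFERENCED_GROUPS = 50  # per-group limit from the list above
CURLY_QUOTES = "[\u2018\u2019\u201c\u201d]"
RULE_RE = re.compile(
    r"^(user|device)\.memberof\s+-any\s+\(group\.objectId\s+-in\s+\[(.*)\]\)$",
    re.IGNORECASE,
)

def _is_guid(value):
    """True only for the canonical hyphenated GUID form of an object ID."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def build_memberof_rule(kind, group_ids):
    """Return a memberOf rule for a 'user' or 'device' dynamic group."""
    if kind not in ("user", "device"):
        raise ValueError("kind must be 'user' or 'device'")
    ids = list(dict.fromkeys(g.strip().lower() for g in group_ids))  # dedupe, keep order
    if not 1 <= len(ids) <= MAX_REFERENCED_GROUPS:
        raise ValueError(f"need 1 to {MAX_REFERENCED_GROUPS} groups, got {len(ids)}")
    bad = [g for g in ids if not _is_guid(g)]
    if bad:
        raise ValueError(f"not a group object ID (GUID): {bad}")
    quoted = ", ".join(f"'{g}'" for g in ids)
    return f"{kind}.memberof -any (group.objectId -in [{quoted}])"

def lint_memberof_rule(rule):
    """Return a list of problems found in a hand-typed memberOf rule."""
    problems = []
    if re.search(CURLY_QUOTES, rule):
        problems.append("typographic quotes")  # assumption: the rule needs ASCII quotes
        rule = re.sub(CURLY_QUOTES, "'", rule)
    match = RULE_RE.match(rule.strip())
    if not match:
        return problems + ["not a memberOf rule"]
    ids = re.findall(r"'([^']*)'", match.group(2))
    if not 1 <= len(ids) <= MAX_REFERENCED_GROUPS:
        problems.append(f"references {len(ids)} groups (limit {MAX_REFERENCED_GROUPS})")
    problems += [f"invalid object ID: {g}" for g in ids if not _is_guid(g)]
    return problems

if __name__ == "__main__":
    # Constructed sample object IDs, not real groups.
    sample = ["11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"]
    print(build_memberof_rule("user", sample))
```

Paste the output of build_memberof_rule into the rule text box, and run lint_memberof_rule over rules copied from documents or chat before saving them.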