Azure DevOps Deployment Approval Notifications not delivered to Azure AD Security Group members

Question

In Azure DevOps, I have few teams that consists of Azure AD groups (security groups not distribution groups) and few direct members. While sending an custom email to that team via say from Release Pipeline's "Send Email", the team is expanded and direct members and the members of AD Group get notified. In fact, the email is sent with everyone CCed. However, when the same team is notified via event notification e.g. deployment approval notification, only direct members get the email. As per docs this seems like a designed behavior but since it works for custom email, I was wondering if there is another setting somewhere. Troubleshooting with this doc doesn't work either as I don't see any new diagnostics logs.

Answer 1

Deployment Approval Notifications not delivered to Azure AD Security Group members

Based on my test, I could reproduce similar situation.

The root cause of this issue could be that the Azure AD security group in Azure Devops sets as Do not deliverby default. And it seems that we couldn't change it in Azure Devops.

For Office 365 type AAD Group, it could be set as deliver to the Email Address.

You could check it in Organization Settings -> Global notifications-> Subscribers.

The AAD Groups don't have the Deliver to individual members option. So when the notification is triggered, the notification couldn't work as expected.

This situation is similar to Scenario 1: A member with Do not deliver preference or Scenario 3: A nested group

Updates:

Here is a suggestion ticket about the feature request.