CODEWITHSUNDEEP
azureazure-active-directorygroup-membership
Ilya Chernomordik
Ilya Chernomordik

Reputation: 30375

How to add a security group as a member of another security group in Azure AD B2C tenant?

I have 2 security groups in AzureAD(B2C tenant) and I want one to be a member of another group. In the GUI, the group is not found when I try to add a new member. I tried to do this with terraform (via Microsoft Graph) and this fails as well.

Microsoft documentation suggests that this is possible.

Is there something I am missing, or does it require e.g. Premium account (nothing like that is mentioned in the docs)?

Upvotes: 0

Views: 4734

Answers (2)

Andriy Bilous
Andriy Bilous

Reputation: 2522

Azure AD nested groups is not supported in Azure AD B2C tenant. Azure AD B2C tenant nested groups

However you can add an existing Security group to another existing Security group in regular AzureAD tenant (also known as nested groups), creating a member group (subgroup) and a parent group.

You do not need to have AzureAD Premium account in .

You can add security group into another security group using following steps:

  • Select Azure Active Directory, and then select Groups.
  • On the Groups - All groups page, search for and open the group that's to become a member of another group
  • Go to Group memberships page, select Group memberships, select Add, locate the group you want your group to be a member of, and then choose Select.

Here is a screenshot from my AzureAD enter image description here

enter image description here

https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-membership-azure-portal#add-a-group-to-another-group

Upvotes: 1

JayakrishnaGunnam-MT
JayakrishnaGunnam-MT

Reputation: 1886

You can add an existing Security group to another existing Security group (also known as nested groups), creating a member group (subgroup) and a parent group. The member group inherits the attributes and properties of the parent group, saving you configuration time.

Currently following scenarios are not supported

1.Adding groups to a group synced with on-premises Active Directory.

2.Adding Security groups to Microsoft 365 groups.

3.Adding Microsoft 365 groups to Security groups or other Microsoft 365 groups.

4.Assigning apps to nested groups.

5.Applying licenses to nested groups.

6.Adding distribution groups in nesting scenarios.

7.Adding security groups as members of mail-enabled security groups

Reference

Upvotes: 0

Related Questions