Are nested groups inside azure active directory work in SharePoint online

Question

Are nested groups inside azure active directory work in SharePoint online? so if we created a nested azure active directory group, can we add this nested group to SharePoint site permission?

In other words, let say we have 2 AD groups; Group-A & Group-B .. and we added Group-B inside Group-A inside Azure AD.. then we added the nested AD group to a SharePoint site >> then will all users inside AD Group-A and AD Group-B get the permission on SharePoint?
Thanks

Answer 1

Hi @john john ,

We can add nested group to SharePoint site permission. But you have to make sure Group A and Group B are Security groups.

We don't currently support:

• Adding groups to a group synced with on-premises Active Directory.
• Adding Security groups to Microsoft 365 groups.
• Adding Microsoft 365 groups to Security groups or other Microsoft 365 groups.
• Assigning apps to nested groups.
• Applying licenses to nested groups.
• Adding distribution groups in nesting scenarios.
• Adding security groups as members of mail-enabled security groups

For Reference: Add a group to another group

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I think Microsoft recently announced the Azure AD nested group support. This is supported for Office/Microsoft 365 Groups.

The following is one of the queries I used. It's still under public preview hence there are some limitations as explained in the below blog post.

More details -> How to Create Nested Azure AD Dynamic Groups

device.memberof -any (group.objectId -in ['bf9f0a6d-bfbc-41d2-8005-ca51dbe118cf', '8c169afa-6fd5-4ce2-a857-9eb8e22d37b4'])

KR
Anoop