On-Prem AD Groups in Azure AD

Question

Hi,

i would like to know if we can use the On-Prem Active Directory groups that are synchronized in Azure AD to set in Azure AD Role ?

If it's supported, is it a good idea to define On-Prem AD groups to manage Azure resources or we should use only AzureAD groups to manage Azure resources ?

Thanks!

Answer 1

@charlesthivierge-5859 Thanks for reaching out. Unfortunately, currently the on-prem groups can not be used for assigning Azure AD built in or custom roles.
The same has been called out here : https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept
We will be extending this to On-prem groups as well in future (https://techcommunity.microsoft.com/t5/azure-active-directory-identity/assigning-groups-to-azure-ad-roles-is-now-in-public-preview/ba-p/1257372)

It has following limitations (not supported) :

Assign cloud groups to Azure AD custom roles
Assign cloud groups to Azure AD roles (built-in or custom) over an administrative unit or application scope.
Assign on-premises groups to Azure AD roles (built-in or custom)

Also have a look at known issues about this here : https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept#known-issues

-----------------------------------------------------------------------------------------------------------------

If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.

Answer 2

Thanks for your answer.