How to assign licenses to nested group members in Microsoft 365?
+
As we know, nested groups do not support group-based licensing in Microsoft Entra ID. However, admins can create dynamic membership groups that automatically include members based on specified attributes. This allows admins to assign licenses to the direct members of nested groups.
Let’s take a scenario:
Imagine you have Group A, which contains Group B and Group C as nested groups. Since licenses assigned to Group A don’t inherit to its child groups due to this nesting, you can create dynamic groups, say 'Dynamic Group D', that automatically include members from Group B and Group C based on the 'memberOf' attribute.
- Navigate to All groups under Identity»Groups in the Microsoft Entra admin center
- Click on New group, fill in the group details and select the Group type as Security or Microsoft 365, and the Membership type as dynamic user.
- Select the 'Add dynamic query' and click on 'Edit' to write the rule in the Rule syntax box. user.memberof -any (group.objectId -in ['GroupA_Id', 'GroupB_Id', 'GroupC_Id'])
- Click 'OK' and 'Create' to add members of other groups using the memberOf attribute.
By creating dynamic groups in Microsoft Entra ID, you can effectively flatten group membership, allowing direct members of Group A, Group B and Group C to be included in Dynamic group D. Once set up, you can assign licenses to this dynamic group, ensuring other group members receive the proper licenses without facing limitations from nested group structures.