简体繁体 English

Azure广告嵌套组

[英]Azure ad nested group

原文 2022-04-04 14:23:39 1 1 azure/ azure-active-directory

Our on prem AD is connected to Azure AD.我们的本地 AD 连接到 Azure AD。 Groups in on prem AD are used to control permissions to various resources.本地 AD 中的组用于控制对各种资源的权限。 Does this configuration support nesting of security groups?这个配置支持安全组嵌套吗？ I place a security group inside another security group in the on prem AD.我将一个安全组放在本地 AD 中的另一个安全组中。 I have read that it does not but that was from 2 years ago.我读到它没有，但那是 2 年前的事了。 I have tested it somewhat and haven't been able to get it to work.我已经对其进行了一些测试，但无法使其正常工作。

1 个解决方案

Nested groups are still not supported for application access, and a couple other scenarios.应用程序访问和其他一些场景仍然不支持嵌套组。

At this time, the following scenarios are supported with nested groups:目前，嵌套组支持以下场景：

One group can be added as a member of another group, and you can achieve group nesting.一个组可以添加为另一个组的成员，可以实现组嵌套。

Group membership claims.组成员声明。 When an app is configured to receive group membership claims in the token, nested groups in which the signed-in user is a member are included.当应用程序配置为接收令牌中的组成员身份声明时，将包含登录用户所属的嵌套组。

Conditional access (when a conditional access policy has a group scope).条件访问（当条件访问策略具有组范围时）。

Restricting access to self-serve password reset.限制对自助服务密码重置的访问。

Restricting which users can do Azure AD Join and device registration.限制哪些用户可以进行 Azure AD 加入和设备注册。

The following scenarios are not supported with nested groups:嵌套组不支持以下场景：

App role assignment, for both access and provisioning.应用程序角色分配，用于访问和配置。 Assigning groups to an app is supported, but any groups nested within the支持将组分配给应用程序，但嵌套在
directly assigned group won't have access.直接分配的组将无权访问。

Group-based licensing (assigning a license automatically to all members of a group).基于组的许可（自动将许可分配给组的所有成员）。

Microsoft 365 Groups. Microsoft 365 组。