Nested Groups — Solving Microsoft 365

Nested groups in Microsoft Entra ID are groups whose members include other groups, allowing hierarchical structures like "All Employees" containing "EMEA," "Americas," and "APAC" department groups. Entra ID supports nested groups for many purposes — Conditional Access, SharePoint permissions, app role assignment — but not for all. Notable limitations: group-based licensing doesn't follow nested membership (only direct members get licences), some on-prem-syncable scenarios behave differently, and dynamic groups can't have other groups as members. Always test nested-group behaviour for the specific scenario you're targeting; treating Entra ID like on-prem AD where everything nests transparently can lead to surprises.