Closed frost-cqre closed 1 year ago
I would assume that it's possible, using MSAL or Graph to check memberships in AAD. There are a few issues posted about AAD and Make Me Admin, but no one seems to want to write the code for it.
Well, I can't write the code unfortunately, but is there anything else I could help with?
After some evaluation, I don't think this would be the right way to do it. Checking AAD group membership would require an active internet connection, which is not feasible for highly mobile clients. So I stick with local groups and filling them with local users.
Is it possible to use nested AAD groups? I am using the Power Users local group to give users rights to elevate, but I'd like to use a nested AAD group in that, which does not seem to be working. If I provision an AAD user directly to Power Users, it works perfectly.
Computers are AAD joined, no AD, so I can't use domain groups.
Would this scenario be possible?
Thanks