Allowed Entities Registry Key Does Not Support Azure AD Security Groups
Hello!
First off, thank you for the great tool! I'm glad you chose to publish it!
I tried to set the Allowed Entities registry key to the SID of an O365 Azure AD security group which contained a test user, and it did not work. The app just says that the user isn't authorized to use the app. I did notice that using the SID of the Azure AD test user did work.
Let me know if I can provide any further information. Thank you!
Jake
@pseymour Could you confirm that Azure AD security groups are not supported?
For cloud-only/aad-joined devices, this is sorely needed.
I don't believe this is a flaw in the application. I have never had any success getting security groups from AAD to work. Would have made life so much easier if it did!
@aces-jake did you resolve this case somehow?
@salihzett I did not; however, we didn't have a hybrid Active Directory / Azure Active Directory setup. I think it may have worked if we did.
@aces-jake so you are full cloud? OK, maybe yes.
I'm having the same issue here: on AAD-joined PCs the application does not grant access to the end user even if they're a member of the correct group.
On hybrid PCs the application works as expected.
We are struggling with this issue since most devices are starting to migrate to Azure AD joined only. It's possible to add SIDs of Azure AD groups to the registry or even local groups, but sadly MakeMeAdmin does not at the moment understand them.
Right now I'm using local groups to fix this, but using Intune to manage custom local groups per device is insane.