I know it’s possible to set up operator roles by Entra ID Group membership by using Entra ID as an Identity provider, but does anyone know if I can create computer groups based on Entra ID group membership, similar to the way we could use query group membership for on-premise AD machines from Active Directory? For Entra ID-only joined machines, it’s not able to query the domain controller like a domain-joined client, so group membership queries aren’t really possible that route any more, but I couldn’t see any way to do it with Entra ID computer groups, so I thought I’d ask if anyone knew.
I just read another post related to this topic; someone said that feature is coming with a future BigFix release. When? Nobody knows other than the HCL team, I guess. Sorry, this is not an answer, but… it seems you’re not alone.
I thought I read the same thing also and was looking for who posted it but couldn’t find the post. I know the Entra ID Identity Provider does group memberships for roles and that works great but haven’t found anything about computer groups yet.
Probably this
Tricky thing here is that the Computer does not appear to have the information about the Entra ID groups without some sort of network transaction.
With the on-prem AD, we had to throttle and cache the inspector results to make sure we were not overwhelming the domain controllers of the on-prem AD.
This is a popular idea on our Ideas portal. If you have not already voted for it, now would be a good time.
Apparently I had already voted for it at some point.