Create “Nested” Groups with Azure AD Dynamic Groups (preview)

This feature will help you better manage group memberships by allowing you to build dynamic Azure AD Security Groups and Microsoft 365 groups based on other groups. For example, you can now create Dynamic-Group-A with members of Group-X and Group-Y.

The groups that define the membership of the dynamic group can be any group type represented in Azure Active Directory, such as user or device security groups, Microsoft 365 groups, and groups synced from on-premises. Unlike existing nested security groups today, memberOf dynamic groups return a flat list of members, so they can be used for licensing assignment and application assignment.  


Emails Related to AAD Groups are Changing Format

When using Microsoft 365 and Security groups, emails are sent to users in the following scenarios:


Update on who can manage sensitive attributes of user objects

Today, there are several user attributes that are considered sensitive, and we will be simplifying this model.

  • Some rely on Global Admins (GA) to be able to manage them for all users (admins and non-admins).
  • Others don’t have a Global Admins dependency but the set of admin roles that can manage them and for whom is not consistent.


Enablement of combined security information registration for Azure Active Directory

In April 2020, the combined security information registration experience for registering both multifactor authentication (MFA) and self-service password reset (SSPR) was released for you to opt in. Upcoming, we will be making the new combined security information registration experience the default for all tenants.

Note: This change will not impact you if your tenant was created after August 15th, 2020, or your tenant is located in the China region.


Identity Service: Upcoming feature to recover accidentally deleted service principal objects

Microsoft Graph API will soon start supporting the ability to recover accidentally deleted service principal objects. The application object already supports this ability. The update will make the recovery story better for managing the life cycle of applications in your tenant.


Public Preview – Enabling customization capabilities for SSPR, footer hyperlinks and favicon in Company Branding

We’re updating the Company Branding component of the Azure Active Directory (Azure AD) sign-in page to enable customization capabilities for Self Service Password Reset (SSPR), footer hyperlinks and favicon.

This message is associated with Microsoft 365 Roadmap ID 88928.


Retirement of superseded Azure AD (Azure Active Directory) Connect Sync versions

We will begin retiring past versions of Azure Active Directory (Azure AD) Connect Sync 12 months from the date they are superseded by a newer version.

Key points


Retirement of (Azure AD) Graph and license assignment operations and updates to license management APIs and PowerShell

Today, as communicated on Tech Community, we are providing a reminder that the end of support for Azure Active Directory (Azure AD) Graph will be on June 30, 2022. Apps using Azure AD Graph after this time will no longer receive responses from the Azure AD Graph endpoint.

Since the Azure AD Graph APIs are being retired, we are also retiring the license assignment operation in the MSOnline and Azure AD PowerShell modules.


Passwordless phone sign-in with Microsoft Authenticator experience changing

We are modifying the experience in the Microsoft Authenticator app when approving passwordless phone sign-in requests.

When will this happen:


The settings that allow users to create groups in the Azure portal have been improved

The Azure Active Directory settings that control how users can create security and Microsoft 365 groups have been updated.


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.