Use cloud groups in on-premises Active Directory with group writeback

I'm thrilled to announce major enhancements to group writeback are in public preview! Use Azure AD Connect to write cloud groups, including security groups, back to your on-premises Active Directory. With this preview, you can manage access to on-premises resources with groups that are managed in the cloud.


Today, you can write M365 groups back to their on-premises as universal distribution groups. With this public preview, we've expanded what groups can be written back, added the ability to manage groups for writeback in MS Graph and the Azure Admin Portal, and added a feature in Azure AD Connect to make it easier to find your groups on-prem.


M365 group enhancements 

  • You'll now be able to write your M365 groups back to on-premises as either a universal Distribution Group, Security Group, or Mail-Enabled Security Group using PowerShell, MS Graph, or the Azure Admin Portal. 
  • You can set a tenant-wide setting to automatically write back newly created M365 groups using MS Graph. 


New group writeback features 

  • You can now also configure writing Azure AD Security Groups back to on-premises Active Directory as a universal Security Group using PowerShell, MS Graph, or the Microsoft Entra . 
  • When configuring group writeback in Azure AD Connect, you have the option to use the cloud group's display name as the common name in the on-prem distinguished name, making it easier to identify which groups are being written back from Azure AD.
  • You can manage what groups you'd like to write back to Active Directory using MS Graph Explorer and the Microsoft Entra . 





This article was originally published by Microsoft's Azure Blog. You can find the original article here.