MathiasS1 on Fri, 05 Aug 2016 12:55:31
Hope this is not an FAQ:
We want to use MFA Server on premises. Our idea is to create several user groups where every group owns defined security settings. Through assigning a user to one group, the user inherits these security settings. The goal is not to have just one settings baseline and to overwrite it with individual settings on a per-user basis, but rather to have several different baseline settings and to assign one of these baselines to users.
vijisankar on Sat, 06 Aug 2016 12:32:08
SadiqhAhmed-MSFT on Sun, 07 Aug 2016 19:31:23
Yes. The getMemberObjects API returns all groups (transitive) of which the user is a member: https://msdn.microsoft.com/en-us/library/azure/dn835117.aspx . Also, using the checkMemberGroups API you can check whether or not the user is a member of a group (transitively): https://msdn.microsoft.com/en-us/library/azure/dn835107.aspx
Here is a complete response from Dushyant Gill: http://stackoverflow.com/questions/28200071/azure-ad-graph-api-user-memberof-nested-groups
Hope that helps!
shawnb_ms on Mon, 08 Aug 2016 23:33:07
When you create a directory synchronization item, you can specify a number of settings, including which phone fields the MFA Server should attempt to import from, which MFA method is the default, whether PIN is required or not, etc. Users that are imported via that sync item get those settings applied to them. So the answer to your question depends on what settings you are looking to configure and set via group. If the settings are the things that you can control via the sync item, then you can create several different sync items that have different settings and that sync with different groups of users. Then those groups will each get the settings associated with that sync item.
MathiasS1 on Tue, 09 Aug 2016 15:54:58