In the recently released 1906 version of SCCM Current Branch, you can now synchronize collection memberships to an Azure AD group. This is really useful because it lets you reuse SCCM's powerful collection membership queries, which have no equivalent in Azure AD today, to drive the membership of an Azure AD group.
For more info, see https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections#bkmk_aadcollsync
In this post I have tested it out in my lab with:
- Hybrid Azure AD join set up using Azure AD Connect syncing my computers to Azure AD. The devices in my collection have synchronized to Azure AD.
- Azure AD Tenant added to Azure Services in SCCM and Azure AD User Discovery enabled
- An existing group already created in Azure AD. The collection members will be synchronized into this group.
This is a pre-release feature of SCCM Current Branch 1906, so it first needs to be turned on under Administration > Updates and Servicing > Features.
Once the feature has been turned on, go to your Azure AD tenant under Administration > Cloud Services > Azure Services and, in its properties, enable Azure Active Directory Group Sync.
In my test collection, I have some devices that are co-managed and already exist in Azure AD. If you open the properties of the collection, you will see a new tab, AAD Group Sync. Click Add.
Click Search, sign in to your Azure tenant when prompted, and then select the existing group in Azure AD.
Click on Apply.
The Azure AD synchronization runs every five minutes. It is a one-way process, from SCCM to Azure AD: the collection is authoritative for the group's membership. That also means anyone who can change the collection's membership rules can change who is in the Azure AD group, so if the group is used to grant access in Azure AD, treat Modify rights on the collection with the same care as rights on the group itself.
Alternatively, you can synchronize the collection to Azure AD manually by right-clicking the collection and selecting Synchronize Membership (this option is greyed out on collections that don't have AAD Group Sync enabled).
If I check the group in Azure AD, I can now see my collection members.
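Rather than eyeballing the group in the portal, the check can be scripted. The following is an added example, not code from the original post: it pulls the collection members with the ConfigMgr console's PowerShell module and the group members with the AzureAD module, then reports which devices are in sync, which have not reached the group yet, and which are in the group but not in the collection. The site code, collection name and group name are assumptions and need to be replaced with your own; hybrid Azure AD joined devices carry the computer name as their Azure AD DisplayName, which is what the comparison relies on.

```powershell
param(
    [string]$SiteCode       = 'P01',                 # assumption: your site code
    [string]$CollectionName = 'Co-managed Devices',  # assumption: collection with AAD Group Sync enabled
    [string]$GroupName      = 'SCCM-CoManaged'       # assumption: group selected on the AAD Group Sync tab
)

# Load the ConfigurationManager module that ships with the console and switch to the site drive.
Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" -ErrorAction Stop
Push-Location "$($SiteCode):"
try {
    # Device names as SCCM sees them in the collection.
    $cmMembers = Get-CMCollectionMember -CollectionName $CollectionName |
        Select-Object -ExpandProperty Name
}
finally { Pop-Location }

# Read the target group from Azure AD (interactive sign-in).
Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD | Out-Null
$group = Get-AzureADGroup -Filter "displayName eq '$GroupName'"
if (-not $group) { throw "Group '$GroupName' not found in Azure AD" }

# Only device objects matter here; users or nested groups added by hand are ignored.
$aadMembers = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
    Where-Object { $_.ObjectType -eq 'Device' } |
    Select-Object -ExpandProperty DisplayName

# Compare-Object is case-insensitive by default, which suits computer names.
$diff    = Compare-Object -ReferenceObject @($cmMembers) -DifferenceObject @($aadMembers) -IncludeEqual
$inSync  = @($diff | Where-Object SideIndicator -eq '==' | Select-Object -ExpandProperty InputObject)
$missing = @($diff | Where-Object SideIndicator -eq '<=' | Select-Object -ExpandProperty InputObject)  # in collection, not yet in group
$extra   = @($diff | Where-Object SideIndicator -eq '=>' | Select-Object -ExpandProperty InputObject)  # in group, not in collection

"{0} devices in sync, {1} not yet in the group, {2} in the group but not in the collection" -f $inSync.Count, $missing.Count, $extra.Count
$missing | ForEach-Object { "  not yet in Azure AD group: $_" }
$extra   | ForEach-Object { "  not in SCCM collection:    $_" }
```

A device showing up in the "not yet in the group" list right after a collection change is expected until the next five-minute sync (or a manual Synchronize Membership) has run; devices that stay there are usually ones that have not completed Hybrid Azure AD join and so have no matching device object in Azure AD for SCCM to add.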