Support
 
PhoneGet Quote
 
Support
 
US Sales: +1 888 720 9500
US Support: +1 844 245 1108
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9890

 
 

List Nested Groups in Microsoft 365

Last updated on:

In this page

Nested groups in Microsoft 365 allow one group to be a member of another group. This structure helps administrators simplify access management and mirror organizational hierarchies.

When a group is added as a member of another group, permissions assigned to the parent group may flow down to the nested group’s members, depending on the group type and workload (for example, Entra ID role assignments or Exchange mail flow). Visibility into these relationships varies by tool, which is why administrators need to track the presence of nested groups.

This article will explain how to get a list of Microsoft 365 nested groups using the Microsoft Entra admin center, Microsoft Graph PowerShell, and how you can get a better experience with the convenience of a friendly UI coupled with the capabilities of PowerShell scripting, with ManageEngine M365 Manager Plus.

  • Microsoft Entra admin center
  • Graph PowerShell
  • M365 Manager Plus
 

Method 1: View nested groups using the Microsoft Entra admin center

Prerequisites

You must have at least the Groups Administrator or User Administrator role to view group memberships in the Entra admin center.

Steps

  1. Sign in to the Microsoft Entra admin center.
  2. Go to Groups > All groups.
  3. Search for and select the parent group.
  4. In the left pane, select Members.
  5. Switch to the All members tab.
  6. Look for entries where the Type is Group. These entries indicate nested groups.
The Members tab of a group in the Microsoft Entra admin center showing the list of Microsoft 365 nested group members with the type Group.

Limitations to consider

  • The Microsoft Entra admin center does not provide a way to export the list of all Microsoft 365 nested groups at once. Even the Download groups feature, which provides a CSV of group objects and their details, does not let you download the list of nested groups as attributes of parent groups.
  • You will have to click through each group individually to get the list of its nested groups.

If you wish to get a single list of your Microsoft 365 nested groups, you will have to either resort to Microsoft Graph PowerShell or use a reporting tool dedicated to present this data with just a few clicks, such as ManageEngine M365 Manager Plus.

Method 2: List Microsoft 365 nested groups using Microsoft Graph PowerShell (Get-MgGroupMemberAsGroup)

Prerequisites

Before using Microsoft Graph PowerShell, please verify that:

  1. The Groups Administrator or Global Administrator role is applied to the account you use to sign in to Microsoft Graph PowerShell.
  2. You are connected to the Microsoft Graph PowerShell module.
    1. To check if the Microsoft Graph PowerShell module is installed, use this script: 
      Get-Module Microsoft.Graph -ListAvailable

      If it does not return a value, you will have to install the module.

    2. To install the Microsoft Graph PowerShell module, execute this script: 
      Install-Module Microsoft.Graph -Scope CurrentUser
    3. To connect to Microsoft Graph, run this script: 
      Connect-MgGraph -Scopes "GroupMember.Read.All"

Using Get-MgGroupMemberAsGroup to list Microsoft 365 nested groups

The Get-MgGroupMemberAsGroup cmdlet specifically retrieves members of a group that are themselves groups.

Run the following Microsoft Graph PowerShell script to find all Microsoft 365 nested groups across your organization:

$AllGroups = Get-MgGroup -All
$Results = @()

foreach ($Group in $AllGroups) {
    $NestedGroups = Get-MgGroupMemberAsGroup -GroupId $Group.Id
    foreach ($Nested in $NestedGroups) {
        $Results += [PSCustomObject]@{
            ParentGroupName = $Group.DisplayName
            NestedGroupName = $Nested.DisplayName
            NestedGroupId   = $Nested.Id
        }
    }
}

$Results | Export-Csv -Path "C:\Reports\M365_Nested_Groups.csv" -NoTypeInformation

Scenario: Auditing specific Microsoft 365 nested groups

Consider a scenario where you are an IT administrator who needs to audit a large parent security group to find specific nested groups. The goal is to identify all nested groups whose names contain the word "Contingent".

The following cmdlet utilizes the primary parameters of the Get-MgGroupMemberAsGroup cmdlet to perform a targeted search within a parent group.

Get-MgGroupMemberAsGroup `
    -GroupId "eb36616a-0000-4e32-a5f1-000000000000" `
    -All `
    -Search 'displayName:Contingent' `
    -ConsistencyLevel eventual `
    -Property "DisplayName,Id,Description" `
    -Top 50

Supported parameters for Get-MgGroupMemberAsGroup cmdlet

The following table contains some parameters that can be used with the Get-MgGroupMemberAsGroup cmdlet to export a list of Microsoft 365 nested groups.

Parameter Description
-GroupId The unique identifier (GUID) of the parent group you wish to inspect for nested group memberships.
-Filter Filters the results based on specific properties (e.g., specific display names or types).
-All A switch that ensures all results are returned if the list of nested groups exceeds the default page size.
-Property Specifies the specific group attributes to retrieve, such as DisplayName, Id, or GroupTypes.
-Search Used to find specific nested groups based on a search string (requires the -ConsistencyLevel eventual parameter).
-Top Specifies the maximum number of results to return in a single request.

Method 3: How to export Microsoft 365 nested groups using M365 Manager Plus

Steps

  1. Log in to M365 Manager Plus.
  2. Navigate to the Reports tab > Azure Active Directory > Group Reports, then select the Groups members report.
  3. Select the Microsoft 365 Tenant you wish to generate the report for and click Generate Now. You can now see the list of all group members in the selected tenant.
  4. To view nested groups in the Group Members report, click the filter icon, select Member Type in the first dropdown, type "Group" in the text field, and click Filter. This will get a list of all Microsoft 365 nested groups in the tenant. The Group Display Name shows the parent group and the Member Display Name shows the nested group.
  5. Export the list of Microsoft 365 nested groups by clicking Export As and selecting your desired format.
The Group Members report in M365 Manager Plus showing the list of Microsoft 365 nested group members filtered for the type Group.

Streamline Entra ID user governance and group management

M365 Manager Plus provides a unified command center for managing the entire lifecycle of your Entra ID users and groups. Gain instant visibility into group memberships, ownership gaps, and orphaned objects across your tenant. View, manage, and track identity objects across your Microsoft 365 tenant from a single console—without switching between multiple admin portals.

Review and manage Entra ID users and group ownership

Easily identify users without managers, groups without owners, inactive accounts, and stale memberships. Assign or update group owners, modify user properties, and clean up unused or risky identities directly from the same interface to maintain accountability and ownership across your directory.

Built-in reports for Entra ID users and groups

Access ready-made reports covering user status, sign-in activity, license assignments, group memberships, orphaned groups, and privileged accounts. These reports help you quickly spot inactive users, over-licensed accounts, and groups that lack proper ownership—all without manual data collection.

Audit Entra user and group changes

Track changes made to users and groups, including membership updates, role assignments, license changes, and account status modifications. Audit trails provide clear visibility into who changed what and when, helping you meet security and compliance requirements.

Real-time alerts for critical Entra ID events

Automate common identity operations such as assigning licenses, updating group memberships, disabling inactive users, or enforcing ownership rules using policy-based automation. Reduce manual effort while keeping your Entra ID environment clean and controlled.

Act without PowerShell dependency

Perform reporting, audits, bulk updates, and corrective actions through a GUI-driven interface—without relying on Microsoft Graph PowerShell scripts. This reduces operational complexity, minimizes errors, and speeds up Entra ID administration with just a few clicks.

Important tips

Track nested group membership changes: Improperly nested groups can lead to circular nesting (Group A in Group B, and Group B in Group A), which can cause issues with permission processing.

Verify Microsoft 365 group limitations: Standard Microsoft 365 Groups (formerly Office 365 Groups) do not support traditional nesting as members; however, they can be nested within distribution lists or security groups.

Frequently asked questions

No. Microsoft 365 Groups do not support being members of other groups, nor can they contain other groups as members.

Yes. If you nest a Distribution Group inside another, Exchange Online will expand all members of the nested group to ensure everyone receives the email.

No. Microsoft Entra ID does not currently support applying licenses to users via nested security groups. Licenses must be assigned to a group containing direct user members.

Stay ahead of mailbox limits with automated reports, quota updates, and simplified archiving

Try a 30-day, free trial
Home »
A holistic Microsoft 365 administration and security solution
HighlightsReportingAuditingManagementMonitoringRelated products