# SCA Configuration - SecContacts.AADGroups ### **SecContacts.AADGroups** This setting defines Azure AD groups to filter which AAD accounts are used as contacts in SCA. * Name: `SecContacts.AADGroups` * Value: `[{"name":"", "value":""}]` The Value property is a JSON array of `name`/`value` pairs. You can add one or more AAD groups to the array. * If there is only a single entry, SCA treats it as the default `AAD` data source and it replaces the default AAD datasource, which normally includes all AAD contacts. * If you want to include all users plus specific groups, add a group containing all AAD users (e.g., `All Users`) along with the additional groups. SCA treats each group as an individual data source and assigns it a sequential ID automatically, such as AAD1, AAD2, and so on. Replace `` with the name of the group (e.g., AppMemberGroup) and `` with its Object ID (e.g., `15e3a3d2-50a6-43e3-137e-a44316d0b448`). ### **Optional properties**
PropertyTypeDescription
transitivestringIf true, includes all members of nested groups recursively.
epHomePhonestringMaps to an extension property in Azure AD for Home Phone.
epPrivateMobilePhonestringMaps to an extension property in Azure AD for Private Mobile Phone.
### Examples **Minimal configuration (single entry)** ```json [ { "name": "AppMemberGroup", "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448" } ] ``` With a single entry, SCA treats this group as the default `AAD` data source, replacing the normal default that includes all AAD contacts. **Single group with optional properties** ```json [ { "name": "AppMemberGroup", "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448", "transitive": "true", "epHomePhone": "HomePhoneCustom", "epPrivateMobilePhone": "PrivateMobileCustom" } ] ``` Replace placeholders like `` with the actual name of the corresponding extension property in Azure AD. ### Multiple groups (3 groups example) ```json [ { "name": "AppMemberGroup", "value": "15e3a3d2-50a6-43e3-137e-a44316d0b448", "transitive": "true" }, { "name": "HRGroup", "value": "d1a2b3c4-5678-90ab-cdef-1234567890ab" }, { "name": "AllUsers", "value": "0f1e2d3c-4567-89ab-cdef-9876543210fe" } ] ``` In this example: * `AppMemberGroup` becomes `AAD1` * `HRGroup` becomes `AAD2` * `AllUsers` becomes `AAD3` Including the `AllUsers` group ensures that all AAD users remain part of the contacts, in addition to the specific groups. **Optional properties allow SCA to:** * Include nested group members (`transitive: true`) * Map Azure AD extension properties for Home or Private Mobile numbers (`epHomePhone`, `epPrivateMobilePhone`) This gives full control over which accounts appear as contacts and how their phone numbers are sourced. {% hint style="success" %} [Rename SCA data sources](/documentation/app-configuration-policy-name-values-for-sca/sca-configuration-seccontacts.customdatasourcenames.md) to make them clear and understandable for end users {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.secure-contacts.com/documentation/app-configuration-policy-name-values-for-sca/sca-configuration-aad-filters-and-groups-1.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.