A configuration policy authorizes you to add actions onto groups or virtual organizational units to allow for standardization and consistency throughout your tenant. For example, you can change a users’/groups’/vOUs’ Azure Active Directory details, add managers and so on. Look here for more information on configuration policies.
The best protocol in order to apply actions to a Azure Active Directory security group is to create a configuration policy scoped to the target group and not add a filter to that group. Let’s go through how to do that.
First, find the security group or groups you would like to add actions to. This can be found be going to Nova > Manage > Groups. Then select Security group from the drop down list. Make a note of this, or add these groups to a virtual organizational unit. To do that, check out this page.
Now create the configuration policy for these groups/vOU. Go to Manage Administration > Configuration policies, then click Add then add a name to your policy. Then click Add on the Policy Scope section.
Then choose Group from the select type drop down list and select the security groups from your tenant. Alternatively, choose the vOU that you may have created.
From there, choose the appropriate actions you would like to apply to your policy.