Systems Manager now supports group synching when Azure AD is used for owner enrollment authentication!
This allows users to authenticate with Azure AD, and for administrators to leverage the existing Azure AD groups as tags in SM.
As users enroll and authenticate they will be added into the Systems Manager > Owners page as an "Azure" type. If the same username/email already exists, the Azure info will be merged into the existing Owner.
The Azure AD "memberOf" groups are added as tags in Systems Manager, so administrators can use the same groups to scope apps/profiles via Systems Manager.