Hi Graham
One thing that comes to mind is ensuring:
- That Entra ID groups have been synched
- That the users being tested are a member of the groups
- That the policies in Azure/Entra ID have been applied to the groups on that side
Failing that you can follow the series of blogs that my colleeague Margaret Radford did and which followed the integration end-to-end.
https://community.ibm.com/community/user/security/blogs/margaret-radford/2024/07/25/maas360-ask-me-anything-about-azure-integration-wi