Looking to use Active Directory groups to populate smart user groups. We currently have SSO and Azure AD as a Cloud Identity Provider setup. Do I also need to add an LDAP server?
JAMF cannot do make smart groups based on AD membership. If you need to do AD reporting that will need to come out of Azure. If you are trying to target something at an AD group that is possible. You target the policy/configuration profile to all devices/users and set an exclusion for the desired AD group. The wording is poor, but the exclusion means only users in that AD group will see the policy/configuration profile.
Yes you need a LDAP Server setup for JAMF to be able to search that domain. There is also some extension attributes you need to configure, and inventory collection stuff, nothing complicated.