![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 16%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJZ%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 86%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ3%3C/text%3E%3C/svg%3E)
Hi Jimmy Zheng,
Based on your description, If the audit logs don’t show any deletion activity, I recommend checking the Azure AD sign-in logs and group activity reports for any anomalies, especially around automated processes, conditional access policies, or identity governance tools like access reviews or entitlement management. Also, if the group is synced from on-premises AD, it’s worth reviewing the synchronization logs and rules in Azure AD Connect to ensure no misconfigurations or sync errors occurred.
Another possibility is that a dynamic group rule may have changed, causing members to be removed automatically. Reviewing the group type and membership rules could help clarify that.
Let me know what you find, and feel free to share any additional details. I’m happy to dig deeper with you. If this answer helps, please hit "Accept Answer" so others can benefit too 😊
Jason,