You’ll need to make sure that you have an attribute defined for sonar.auth.saml.group.name to which Azure AD is returning group information.
Turning up your log level (Global **Administration > System > Log Level**) and observing your /logs/web.log file will let you see what is being returned in the SAML response, and if group information exists.
After that, you’ll need to make sure that the groups you want to have synced with Azure AD are already created (and match in name identically) on your SonarQube server.
Users will then sync with those groups on their next login.
This relies entirely on your SAML configuration in Azure AD, which we don’t have any specific guidance for. Group information needs to be returned in the SAML response the same way your login, name, and e-mail are.
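The check described in the reply above, as an added example that is not part of the original post and not SonarQube's own code: it reads a decoded SAML assertion, confirms the attribute named in sonar.auth.saml.group.name is present, and compares each returned group value against existing SonarQube group names by exact match. The sample assertion, the attribute names `login` and `groups`, the group list and the function name `check_group_sync` are all constructed assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (not real IdP output); attribute names are assumptions.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="login"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>sonar-administrators</saml:AttributeValue>
      <saml:AttributeValue>Dev-Team</saml:AttributeValue>
      <saml:AttributeValue>qa-team </saml:AttributeValue>
      <saml:AttributeValue>platform-ops</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed list standing in for the groups already created in SonarQube.
SAMPLE_GROUPS = ["sonar-users", "sonar-administrators", "dev-team", "qa-team"]


def check_group_sync(assertion_xml, group_attribute, sonarqube_groups):
    """Report which group values in the assertion match existing SonarQube groups."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = attr.findall(f"{{{SAML_NS}}}AttributeValue")
        attrs[attr.get("Name")] = [v.text or "" for v in values]
    report = {"attribute_present": group_attribute in attrs,
              "available_attributes": sorted(attrs),
              "matched": [], "unmatched": {}}
    # Fold case and whitespace only to explain a miss, never to count it as a match.
    folded = {g.strip().casefold(): g for g in sonarqube_groups}
    for value in attrs.get(group_attribute, []):
        if value in sonarqube_groups:
            report["matched"].append(value)
        else:
            near = folded.get(value.strip().casefold())
            report["unmatched"][value] = f"near miss of {near!r}" if near else "no such group"
    return report


if __name__ == "__main__":
    # "groups" stands in for the value configured in sonar.auth.saml.group.name.
    print(check_group_sync(SAMPLE_ASSERTION, "groups", SAMPLE_GROUPS))
```
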
However, when I created a new group in SonarQube, it did map to the correct group. Moreover, users that I set manually to the admin group were reset and added back to the default group sonar-users.