I have an app that we are trying to restrict by security group. One group, in particular, is problematic. It isn't mail-enabled, so it doesn't have a full email address. also, the name of the security group happens to be contained within the display name of many users. Since the typeahead only loads a few options, and the security group I want isn't in those options, I can't add it to the app. If I just type the name and hit enter, it chooses the first option from the typeahead, which is an individual user, not the security group. If I try to use the group's Guid, I get an error that the email address is invalid or a duplicate.
@v-huizhn-msft here's what it looks like:
If I just type in the group name and hit enter, I get the second screenshot, where it just selects the first item in the typeahead, even if though there is an exact match. Interestingly, if I go to the O365 portal and search there, it shows up fine because it is searching by "begins with" instead of "contains"