When admins are deploying the D365 app for outlook through the list of users that are eligible for the App there is a problem with how the query in the list is checking the priviliges of the users. It seems that the query is requiring that the users must have a security role with permission for the D365 App for Outlook directly linked to the users. In a scenario where the customers are using the sync between Azure AD groups and AAD sercurity group teams in the power platform (and therefor not linking any security roles directly to the users) the query does not populate the eligible users if the permission for the D365 App for Outlook is only granted indirectly to the users through the AAD Security group teams (or any other type of team). This means the the customers have to break the principle of NOT assigning security roles directly to the users.

To me it seems that the product team responsible for the App for Outlook was unaware that you can assign security roles to the users though team association. I hope this glitch in the design (bug) is fixed.