Azure SAML 2.0 settings to capture the User DN or Group

PSD

Hi, I able to authenticate the Azure User via SAML on SMA 12.4. Seems like SMA unable to get the user Group and make the "Group" mapping policy failed. Anyone know any special configruation that we need to configure at Azure, especially section#2 in Azure Sigle Sign-on setup page? Thanks a lot for prompt advise.