Organizations often have existing security groups they would want to use for deploying Add-ins. But the current restrictions on what groups work for centralized deployment often force organizations to start (and maintain) a new dedicated security group for deploying Add-ins. This would be unnecessary if all types of security groups (especially nested or dynamic groups) would be supported in a centralized deployment scenario.