{"id":1242,"date":"2021-08-27T21:13:43","date_gmt":"2021-08-27T21:13:43","guid":{"rendered":"https:\/\/regroove.ca\/stellark\/?p=1242"},"modified":"2023-02-24T17:13:48","modified_gmt":"2023-02-24T17:13:48","slug":"azure-ad-dynamic-groups","status":"publish","type":"post","link":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/","title":{"rendered":"Azure AD Dynamic Groups"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What?<\/h2>\n\n\n\n<p>Azure AD Dynamic Groups are populated with users or devices based on specific criteria defined in attribute based rules.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">So What?<\/h2>\n\n\n\n<p>Dynamic group membership can be used to populate Security groups or Microsoft 365 Groups.  <\/p>\n\n\n\n<p>This functionality:<\/p>\n\n\n\n<ul>\n<li>Can reduce Administrative manual work effort.<\/li>\n\n\n\n<li>Can ensure that users or devices are assigned to the correct groups based on specified criteria.<\/li>\n\n\n\n<li>Can be used repeatedly for different membership scenarios which is defined by the rule syntax that is defined.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Now What?<\/h2>\n\n\n\n<p>Let&#8217;s review some details about <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/enterprise-users\/groups-dynamic-membership\" target=\"_blank\" rel=\"noreferrer noopener\">Dynamic Groups<\/a><\/p>\n\n\n\n<ul>\n<li>You can create a Dynamic group for devices or for users, but you can&#8217;t create a rule that contains both users and devices.<\/li>\n\n\n\n<li>You can&#8217;t create a device group based on the device owners&#8217; attributes. Device membership rules can only reference device attributes.<\/li>\n\n\n\n<li>Azure AD Premium P1 licenses are required for each user that is a member of one or more dynamic groups.\n<ul>\n<li>Specific user license assignment is not required but minimum licenses are required in the Azure AD organization to accommodate dynamically assigned users.  i.e. 100 users in one or more dynamic groups requires 100 licenses in organization.<\/li>\n\n\n\n<li>Devices in dynamic groups do not require licenses.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The Dynamic groups rule builder supports up to 5 expressions. You can use advanced rules (text syntax) to create rules with more than 5 expressions.<\/li>\n\n\n\n<li>Total length of membership rule cannot exceed 3072 characters.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring Rules<\/h2>\n\n\n\n<p>Dynamic groups use <strong>Properties<\/strong>, <strong>Operators<\/strong> and <strong>Values<\/strong> to construct a user or device rule.<\/p>\n\n\n\n<p>A simple rule looks something like this:<\/p>\n\n\n\n<p class=\"has-luminous-vivid-orange-color has-text-color\">user.physicalDeliveryOfficeName -eq &#8220;Head Quarters&#8221;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Where&#8230;<\/h2>\n\n\n\n<p> user.physicalDeliveryOfficeName  = <strong>Property<\/strong><\/p>\n\n\n\n<p>-eq = <strong>Operator<\/strong><\/p>\n\n\n\n<p>&#8220;Head Quarters&#8221; = <strong>Value<\/strong><\/p>\n\n\n\n<p>Complex rules can have a combination of <strong>Operators<\/strong><\/p>\n\n\n\n<p>Operators listed below are in order of precedence from highest to lowest. Operators on same line are of equal precedence.<\/p>\n\n\n\n<p>-eq -ne -startsWith -notStartsWith -contains -notContains -match \u2013notMatch -in -notIn<\/p>\n\n\n\n<p>-not<\/p>\n\n\n\n<p>-and<\/p>\n\n\n\n<p>-or<\/p>\n\n\n\n<p>-any -all<\/p>\n\n\n\n<p>More info on complex rules can be found in MS documentation for <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/enterprise-users\/groups-dynamic-membership\" target=\"_blank\" rel=\"noreferrer noopener\">Dynamic Groups<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Using Dynamic Groups and Rules (Examples)<\/h2>\n\n\n\n<p>Example 1 &#8211; <em>User&#8217;s Office location attribute is set and the user is an Azure AD member <\/em><\/p>\n\n\n\n<p class=\"has-luminous-vivid-orange-color has-text-color\">(user.physicalDeliveryOfficeName -ne null) -and (user.userType -eq &#8220;Member&#8221;)<\/p>\n\n\n\n<p>This rule can be used to exclude Guests and any user that does not have an office location attribute set.  In the image below User1 satisfies both criteria.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"684\" height=\"325\" src=\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/image.png\" alt=\"\" class=\"wp-image-1243\" srcset=\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/image.png 684w, https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/image-300x143.png 300w\" sizes=\"(max-width: 684px) 100vw, 684px\" \/><\/figure>\n\n\n\n<p>In this image the user satisfies the Office location attribute but does not satisfy the user type criteria.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"687\" height=\"317\" src=\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/image-1.png\" alt=\"\" class=\"wp-image-1244\" srcset=\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/image-1.png 687w, https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/image-1-300x138.png 300w\" sizes=\"(max-width: 687px) 100vw, 687px\" \/><\/figure>\n\n\n\n<p>Example 2 &#8211; <em>User is directory synchronized, is not a guest and is assigned a specific Microsoft 365 service plan<\/em><\/p>\n\n\n\n<p class=\"has-luminous-vivid-orange-color has-text-color\">(user.dirSyncEnabled -eq true) -and (user.userType -eq &#8220;Member&#8221;) -and (user.assignedPlans -any (assignedPlan.servicePlanId -eq &#8220;c1ec4a95-1f05-45b3-a911-aa3fa01094f5&#8221; -and assignedPlan.capabilityStatus -eq &#8220;Enabled&#8221;)<\/p>\n\n\n\n<p>When a user or device fails to meet the defined membership rule that user or device will be removed from the group.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Dynamic Groups and Microsoft Teams<\/h2>\n\n\n\n<p>Learn how to <a href=\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/microsoft-365-groups-and-teams\/\" target=\"_blank\" rel=\"noreferrer noopener\">use Dynamic groups to populate the membership of a Microsoft Team<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What? Azure AD Dynamic Groups are populated with users or devices based on specific criteria defined in attribute based rules. So What? Dynamic group membership can be used to populate Security groups or Microsoft 365 Groups. This functionality: Now What? Let&#8217;s review some details about Dynamic Groups Configuring Rules Dynamic groups use Properties, Operators and &hellip; <a href=\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/\"><\/a><\/p>\n","protected":false},"author":11,"featured_media":1251,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[111,288,287,150],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Azure AD Dynamic Groups - Stephanie Kahlam<\/title>\n<meta name=\"description\" content=\"Azure AD Dynamic Groups\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure AD Dynamic Groups - Stephanie Kahlam\" \/>\n<meta property=\"og:description\" content=\"Azure AD Dynamic Groups\" \/>\n<meta property=\"og:url\" content=\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/\" \/>\n<meta property=\"og:site_name\" content=\"Stephanie Kahlam\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-27T21:13:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-24T17:13:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Stephanie Kahlam\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stephanie Kahlam\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/\",\"url\":\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/\",\"name\":\"Azure AD Dynamic Groups - Stephanie Kahlam\",\"isPartOf\":{\"@id\":\"https:\/\/regroove.ca\/stellark\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg\",\"datePublished\":\"2021-08-27T21:13:43+00:00\",\"dateModified\":\"2023-02-24T17:13:48+00:00\",\"author\":{\"@id\":\"https:\/\/regroove.ca\/stellark\/#\/schema\/person\/175e89cb69612178b2ac838c0bab6149\"},\"description\":\"Azure AD Dynamic Groups\",\"breadcrumb\":{\"@id\":\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#primaryimage\",\"url\":\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg\",\"contentUrl\":\"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg\",\"width\":300,\"height\":300,\"caption\":\"People icon set in trendy flat style, Persons symbol infographics website design, logo, app - vector\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Stellark Home\",\"item\":\"https:\/\/regroove.ca\/stellark\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure AD Dynamic Groups\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/regroove.ca\/stellark\/#website\",\"url\":\"https:\/\/regroove.ca\/stellark\/\",\"name\":\"Stephanie Kahlam\",\"description\":\"Microsoft 365 and SMB.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/regroove.ca\/stellark\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/regroove.ca\/stellark\/#\/schema\/person\/175e89cb69612178b2ac838c0bab6149\",\"name\":\"Stephanie Kahlam\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/stellark\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/398b95e23dc9eaf37a780b86a239b485?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/398b95e23dc9eaf37a780b86a239b485?s=96&d=mm&r=g\",\"caption\":\"Stephanie Kahlam\"},\"url\":\"https:\/\/regroove.ca\/stellark\/author\/skahlam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure AD Dynamic Groups - Stephanie Kahlam","description":"Azure AD Dynamic Groups","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/","og_locale":"en_US","og_type":"article","og_title":"Azure AD Dynamic Groups - Stephanie Kahlam","og_description":"Azure AD Dynamic Groups","og_url":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/","og_site_name":"Stephanie Kahlam","article_published_time":"2021-08-27T21:13:43+00:00","article_modified_time":"2023-02-24T17:13:48+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg","type":"image\/jpeg"}],"author":"Stephanie Kahlam","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Stephanie Kahlam","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/","url":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/","name":"Azure AD Dynamic Groups - Stephanie Kahlam","isPartOf":{"@id":"https:\/\/regroove.ca\/stellark\/#website"},"primaryImageOfPage":{"@id":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#primaryimage"},"image":{"@id":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#primaryimage"},"thumbnailUrl":"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg","datePublished":"2021-08-27T21:13:43+00:00","dateModified":"2023-02-24T17:13:48+00:00","author":{"@id":"https:\/\/regroove.ca\/stellark\/#\/schema\/person\/175e89cb69612178b2ac838c0bab6149"},"description":"Azure AD Dynamic Groups","breadcrumb":{"@id":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#primaryimage","url":"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg","contentUrl":"https:\/\/regroove.ca\/stellark\/wp-content\/uploads\/sites\/3\/2021\/08\/158-scaled-e1630098763943.jpg","width":300,"height":300,"caption":"People icon set in trendy flat style, Persons symbol infographics website design, logo, app - vector"},{"@type":"BreadcrumbList","@id":"https:\/\/regroove.ca\/stellark\/2021\/08\/27\/azure-ad-dynamic-groups\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Stellark Home","item":"https:\/\/regroove.ca\/stellark\/"},{"@type":"ListItem","position":2,"name":"Azure AD Dynamic Groups"}]},{"@type":"WebSite","@id":"https:\/\/regroove.ca\/stellark\/#website","url":"https:\/\/regroove.ca\/stellark\/","name":"Stephanie Kahlam","description":"Microsoft 365 and SMB.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/regroove.ca\/stellark\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/regroove.ca\/stellark\/#\/schema\/person\/175e89cb69612178b2ac838c0bab6149","name":"Stephanie Kahlam","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/stellark\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/398b95e23dc9eaf37a780b86a239b485?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/398b95e23dc9eaf37a780b86a239b485?s=96&d=mm&r=g","caption":"Stephanie Kahlam"},"url":"https:\/\/regroove.ca\/stellark\/author\/skahlam\/"}]}},"_links":{"self":[{"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/posts\/1242"}],"collection":[{"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/comments?post=1242"}],"version-history":[{"count":9,"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/posts\/1242\/revisions"}],"predecessor-version":[{"id":1379,"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/posts\/1242\/revisions\/1379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/media\/1251"}],"wp:attachment":[{"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/media?parent=1242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/categories?post=1242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/regroove.ca\/stellark\/wp-json\/wp\/v2\/tags?post=1242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}