Dynamic Group Membership in Azure Active Directory (Part 1)
In Part 1 of this series, I will cover creating a Dynamic User Group and assigning Licenses and Applications to it.
One of my favorite new features in Azure Active Directory is Dynamic Group Membership. In these blog posts, I will describe the different types of Dynamic Groups that you can create, then assign these Groups to Applications and Licenses.
I will first create a Dynamic User Group:
I selected Bedrock Users to go along with the Flintstones theme. The following options are available for Membership Type:
- Assigned
- Dynamic Device
- Dynamic User
For this section, I selected Dynamic User under Membership Type. For my dynamic query, I selected the following:
Add users where: city equals Bedrock
Now, all users (Local Active Directory and Azure Active Directory) who have City defined as Bedrock will automatically be added to this group. I chose the city attribute, but you could choose many different attributes, including 16 custom attributes. In another demo, I created an attribute on my local Active Directory called LSU Fan, configured Azure AD Connect to sync that attribute, then gave Users access to certain applications if they had a Yes value. Some of the popular attributes are the following:
- Company Name
- Department
- Title
- User Type
- City
- State
- Postal Code
- Office Name
I used Equals in my Bedrock Users Group, but you are able to use any of the following supported expression rule operators:
Here is a screen shot of Fred Flintstone's User Profile showing where Bedrock is defined in the City attribute:
Now, all the Flintstones and Rubbles are members of the Dynamic Group.
Now that my group is dynamically populated, I can assign Licenses and Applications to the group.
In the caption below, I assigned the Enterprise Mobility + Security E5 License to the Bedrock Users Group.
In the screen shot below, I assigned Bedrock Users access to the Box Enterprise Application:
Now, any User that is created or modified and has Bedrock listed under City will automatically get the Enterprise Mobility + Security E5 License and access to the Box Enterprise Application.
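Because the license and the application now follow the City attribute, a useful review is to list which attributes drive each dynamic group and what the group grants, so you know whose write access to those attributes needs checking. The PowerShell below is an added example, not part of the original post. It runs on constructed sample objects: `DisplayName` and `MembershipRule` match the property names Microsoft Graph PowerShell's `Get-MgGroup` returns, `(user.city -eq "Bedrock")` is the rule-text form of the simple rule above, and `GrantsLicense`, `GrantsApp`, the Quarry Staff group and the `Get-DynamicRuleReview` function are hypothetical names for this illustration.

```powershell
# Constructed sample data shaped like dynamic groups from a tenant.
# GrantsLicense / GrantsApp are hypothetical labels you would fill in from
# your own license and enterprise application assignments.
$sampleGroups = @(
    [pscustomobject]@{
        DisplayName    = 'Bedrock Users'
        MembershipRule = '(user.city -eq "Bedrock")'
        GrantsLicense  = 'Enterprise Mobility + Security E5'
        GrantsApp      = 'Box'
    },
    [pscustomobject]@{
        DisplayName    = 'Quarry Staff'   # constructed second group
        MembershipRule = '(user.department -eq "Quarry") -and (user.accountEnabled -eq true)'
        GrantsLicense  = $null
        GrantsApp      = $null
    }
)

function Get-DynamicRuleReview {
    param([Parameter(Mandatory, ValueFromPipeline)] $Group)
    process {
        # Extract every user.<attribute> reference from the rule text.
        $attrs = [regex]::Matches($Group.MembershipRule, 'user\.(\w+)') |
                 ForEach-Object { $_.Groups[1].Value } |
                 Sort-Object -Unique

        # Collect whatever the group hands out to its members.
        $grants = @($Group.GrantsLicense, $Group.GrantsApp) | Where-Object { $_ }

        [pscustomobject]@{
            Group             = $Group.DisplayName
            DrivingAttributes = $attrs -join ', '
            Grants            = $grants -join ', '
            # True when an attribute edit alone would hand out a license or app:
            # review who can write the driving attributes, on-premises and in Azure AD.
            ReviewWriters     = [bool]$grants
        }
    }
}

$sampleGroups | Get-DynamicRuleReview | Format-Table -AutoSize
```

For the sample data, Bedrock Users is reported with `city` as its driving attribute and `ReviewWriters` set to True, while Quarry Staff lists `accountEnabled, department` and is not flagged because nothing is assigned to it.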
The Dynamic Group feature is an Azure Active Directory Premium feature which is included with Enterprise Mobility + Security Suite and Microsoft 365 Suite.
This is the conclusion of Part 1 of 2 Blog Posts on Dynamic Group Membership in Azure Active Directory.
Next, I will create Part 2 to cover creating Dynamic Device Groups and using Advanced Dynamic Membership Rules.
Thank You,
Paul Jones