Bryan Schmiedeler

Reputation: 3127

Exclude Service Groups and outside members in Azure AD Dynamic Groups

Would like to create a dynamic group in Azure AD that has the following criteria:

Only include individual user accounts (no service accounts) who are actually employees of our company.

I think there should be a way to accomplish the first criterion, but I'm a bit unsure about the second.

Also would be great if the group could be alphabetical.

Any assistance would be greatly appreciated.

Upvotes: 0

Views: 1828

Answers (1)

AlfredoRevilla-MSFT

Reputation: 3485

The rule or rules will depend on how you have your employee users organized. Only users can be assigned dynamically.

Below you will find some samples:

If employees are all members (not guests):

(user.userType -eq "member")

If employees are all members (not guests) who have the Exchange Online (Plan 2) service plan assigned and enabled:

(user.userType -eq "member") and (user.assignedPlans -any (assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" -and assignedPlan.capabilityStatus -eq "Enabled"))

Etc.

For more information, please take a look at Dynamic membership rules for groups in Azure Active Directory.

Upvotes: 0
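An added example, not part of the answer above: one way to preview which accounts the second sample rule would select before creating the group, so unlicensed member accounts (where service accounts often sit) can be reviewed first. It assumes the Microsoft Graph PowerShell module is installed; the group display name and mail nickname are placeholders.

```powershell
# Added example. Requires the Microsoft.Graph module and an account allowed to
# read users and create groups.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.ReadWrite.All'

# Second sample rule from the answer, unchanged. The GUID is the service plan ID quoted there.
$planId = 'efb87545-963c-4e0d-99df-69c6916d9eb0'
$rule = '(user.userType -eq "member") and (user.assignedPlans -any ' +
        '(assignedPlan.servicePlanId -eq "' + $planId + '" -and ' +
        'assignedPlan.capabilityStatus -eq "Enabled"))'

# userType and assignedPlans are only returned when requested explicitly.
$users = Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, UserType, AssignedPlans

# Client-side approximation of the rule: member accounts with the plan enabled.
$preview = $users | Where-Object {
    $_.UserType -eq 'Member' -and
    ($_.AssignedPlans | Where-Object {
        $_.ServicePlanId -eq $planId -and $_.CapabilityStatus -eq 'Enabled'
    })
}

# Member accounts that the first sample rule alone would include but this rule
# leaves out. Review these for service accounts and for unlicensed employees.
$memberOnly = $users | Where-Object {
    $_.UserType -eq 'Member' -and $_.Id -notin $preview.Id
}

$preview | Sort-Object DisplayName | Format-Table DisplayName, UserPrincipalName
$memberOnly | Sort-Object DisplayName | Format-Table DisplayName, UserPrincipalName
"Matched by rule: $(@($preview).Count); members without the plan: $(@($memberOnly).Count)"

# Create the dynamic security group once the preview looks right.
# Display name and mail nickname below are placeholders.
$groupParams = @{
    DisplayName                   = 'Employees (dynamic)'
    MailNickname                  = 'employees-dynamic'
    MailEnabled                   = $false
    SecurityEnabled               = $true
    GroupTypes                    = @('DynamicMembership')
    MembershipRule                = $rule
    MembershipRuleProcessingState = 'On'
}
New-MgGroup @groupParams
```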
