oss

Reputation: 115

How can I assign multiple "departments" to a single user in Azure that can be dynamically assigned in different M365 groups?

Details of the Issue:

As far as I know, dynamic membership rules can be assigned based off of properties that pertain to a single user. That is, department, object ID, job title, etc.

The limitation is that there can only be one assigned department, one assigned object ID, one assigned job title, etc. for a single user.

How can I assign multiple "departments" to a single user in Azure that can be dynamically assigned in different M365 groups? For example:

User 1 belongs to Department A and Department B
User 2 belongs to Department A and Department C

If Group A only allows users from Department A Then: User 1 and User 2 are assigned

If Group B only allows users from Department C Then: User 2 is assigned

The issue is that I cannot seem to find a way to assign multiple departments to a single user that can later be used to dynamically assign users to M365 groups.

You can assign a single department to a single user, thus setting a dynamic membership rule to add all users from that specific department to the M365 group, however this only works if you're okay with a user belonging to a single department.

What I Tried:

My users may belong to multiple departments, so to remedy this issue, I decided to use Azure's Assigned Roles as "departments". That is, I create a custom assigned role for each department, allowing each user to be assigned multiple roles (i.e., departments).

Why It Didn't Work:

However, when setting up the dynamic membership rule to assign users to an M365 group, I am not able to find a user property that corresponds to their assigned role(s).

Is this a valid approach? Or is there an alternative that I'm missing?

Update:

This related question runs into the same issue, however the given answer does not address my issue.

This could entirely be a limitation on Azure's side and my goal may not be achievable through AAD.

Upvotes: 0

Views: 1259

Answers (1)

oss

Reputation: 115

Answering my own question with a potential, and simple, alternative to this issue:

Listing out all of the departments in any of the user's property fields and using the following dynamic membership rule to find it:

user.department -contains "Department A"

Example:

User 1 belongs to Department A and Department B. So, Set Department to: "Department A, Department B"

Group looks for users from Department B. So, Set M365 Dynamic Rule Membership to: user.department -contains "Department B"

Azure has a 64-character limit on the property, so contracting your department names to unique IDs works, too, such as:

Department A: DA-001
Department B: DB-001

User 1 belongs to Department A and Department B. So, Set Department to: "[DA-001],[DB-001]"

user.department -contains "DB-001"

Upvotes: 0
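As an added illustration (not code from the original answer or from Microsoft), the following simulation models how a "-contains" rule behaves as a substring test against the packed user.department string. It shows why the bracketed "[DA-001],[DB-001]" encoding from the answer matters: without the delimiters, a rule for "DA-001" would also sweep in a similar-looking code such as "DA-0010" and grant that user the group's access. The case-insensitive comparison and the sample users are assumptions of this model; the 64-character limit is the one stated in the answer.

```python
"""Simulated Entra ID (Azure AD) dynamic-membership '-contains' evaluation.

Constructed example, not code from the original answer or from Microsoft.
Models the '-contains' operator as a case-insensitive substring test on the
user.department string (the case handling is an assumption of this model).
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

DEPARTMENT_MAX_LEN = 64  # property length limit mentioned in the answer


@dataclass(frozen=True)
class User:
    name: str
    department: str  # one string carrying one or more department codes


def rule_contains(department: str, needle: str) -> bool:
    """Model of the rule:  user.department -contains "<needle>"  (substring test)."""
    return needle.lower() in department.lower()


def encode_departments(codes: Iterable[str]) -> str:
    """Pack several codes as "[CODE],[CODE]", the answer's second variant,
    and refuse values that would exceed the attribute length limit."""
    value = ",".join(f"[{code}]" for code in codes)
    if len(value) > DEPARTMENT_MAX_LEN:
        raise ValueError(
            f"department value is {len(value)} chars, limit is {DEPARTMENT_MAX_LEN}"
        )
    return value


def members(users: Iterable[User], needle: str) -> List[str]:
    """Names of users the dynamic rule would place in the group."""
    return sorted(u.name for u in users if rule_contains(u.department, needle))


# Constructed sample users. DA-0010 is deliberately similar to DA-001 to show
# why the bracket delimiters matter when the operator is a substring match.
USERS = [
    User("User 1", encode_departments(["DA-001", "DB-001"])),
    User("User 2", encode_departments(["DA-001", "DC-001"])),
    User("User 3", encode_departments(["DA-0010"])),
]


def demo() -> Tuple[List[str], List[str]]:
    """Compare a loose (unbracketed) rule with a strict (bracketed) rule."""
    loose = members(USERS, "DA-001")    # also matches "[DA-0010]"
    strict = members(USERS, "[DA-001]")  # only the exact code matches
    return loose, strict


if __name__ == "__main__":
    loose_members, strict_members = demo()
    print('user.department -contains "DA-001"   ->', loose_members)
    print('user.department -contains "[DA-001]" ->', strict_members)
```

Because group membership here drives access to M365 resources, the delimited form is the one to prefer: the rule value should include the brackets so a code that merely starts with the same characters cannot expand the group.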
