A simple use case for Dynamic membership Assignment

There’s a new type of group in Azure Active Directory. This group allows you write a query based on attributes of the account so the group will constantly be updated without user intervention.

I will share a simple use case. You want to be able to capture all of the B2B guest accounts in your Azure Active Directory. Maybe you want to be use some conditional access on those particular accounts or you want to investigate to see if they’ve been accessed recently.

Go into Azure Active Directory in your Azure portal and click on Users and groups.

Click All groups

and Add a New Group

Name your Group and Set the Membership type to Dynamic User

Then click Add dynamic query, this is where the magic happens.

In our case, we want something simply like collect all Guest Users

Once you save this, it will take about 30 minutes for the query to Add the users, and they will continually get added and removed.

Leave a comment

Your email address will not be published.