Azure AD Dynamic Groups Walkthrough
Microsoft has announced that Azure AD Dynamic Groups is now available. This will allow you to create groups that will automatically add and remove users based on AD Properties like Location or Department.
What will you need:
- Azure AD Premium License (documentation says P1, but I’ve heard others say P2 is required)
- An AD Property or AD Properties that you want to dynamically create your group by
Step 1 – Identify the AD Property that we want to use.
In this demo, I will use the Country field to build a group for everyone in the United States
Step 2.1 – Create a new Azure AD Group
First we will create an O365 Group and give it a name (US Employees) and click the drop-down on Membership Type selecting Dynamic as opposed to Assigned
Step 2.2 – Create the Dynamic Rule
Once you click on the Add Dynamic Query, you will build one or more Dynamic Rules to populate the group. In this case, I am looking for the country field to be Equal to United States. Since that is, sometimes, a free-form field, you might need to use a more lax rule or even multiple rules to get everyone. That sort of depends on how good your AD properties are.
If you do need to do something more complex, then you are going to build a complex rule which gives you the ability to write your own query.
Here is an example of a query that should get United States, US, and USA from the country field:
Once you have the rule, you can save it. If you view the Group Properties you will initially see that the Group Membership is being evaluated. This doesn’t take a very long time, but its not instant.
This was just a couple of minutes later and everything was done.
So, the next cool step, now that we have a Dynamic O365 Group is to create a Team from that Group.
Then select the Group that we created
And you know its a Dynamic Team because you cannot add and remove members…so, good practice would be to put that in the description or part of the name so people don’t get frustrated.