Azure/Entra
Azure Dynamic Groups
Azure Dynamic Group Membership Rules
Rule Syntax to add group members based on the criteria
- Account is active
- Primary Email Address is at domain example.com
(user.accountEnabled -eq true) -and (user.mail -contains "@example.com")
- License includes Exchange Online (Plan 1)
- Plan is enabled
user.assignedPlans -any (assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" -and assignedPlan.capabilityStatus -eq "Enabled")
- Users that are members of group with Object ID 9dba4c67-5cd4-449d-a1c3-51865c374cab
user.memberof -any (group.objectId -in ['9dba4c67-5cd4-449d-a1c3-51865c374cab'])
- Username contains @example
- Email Alias contains @example
- Company Name is Example Company
(user.userPrincipalName -contains "@example") -or (user.proxyAddresses -any (_ -contains "@example")) -or (user.companyName -eq "Example Company")
Microsoft Learn | Dynamic Rules
Add user to Azure AD Application
Azure applications are used for Single Sign On, among other things. To use SSO, the user has to have access to the application.
First, log in to the Microsoft Admin Portal, then go to Azure Active Directory (or skip this step and go directly to Azure Active Directory).
Go to Enterprise Applications > All Applications and search for the application. Then select it from the list.
Select Assign users and groups. Then click Add users/group.
In Add Assignment, click None Selected under Users and Groups.
Search for the user, then select them from the list. Then click the Select button.
Then click the Assign button. The status box will pop up to show progress. Once it shows it's complete, the user has been assigned to the application.
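The same assignment scripted with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original page. It assumes the Microsoft.Graph module is installed; the application name, user principal name and optional role name are placeholders.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed.
# $AppName, $UserUpn and $RoleName are placeholders, not values from the page.
$AppName  = 'Example SSO App'
$UserUpn  = 'jane.doe@example.com'
$RoleName = ''   # optional: display name of the app role to grant

Connect-MgGraph -Scopes 'Application.Read.All', 'User.Read.All', 'AppRoleAssignment.ReadWrite.All'

# Enterprise Applications are service principals in Microsoft Graph.
$found = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($found.Count -ne 1) {
    throw "Expected exactly one application named '$AppName', found $($found.Count)."
}
$sp = $found[0]

# Assignment only restricts sign-in when the application requires it.
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning "'$AppName' does not require assignment, so unassigned users are not blocked."
}

$user = Get-MgUser -UserId $UserUpn

# Choose the role to grant. When the application declares no role for users,
# the default access role (all-zero GUID) is used.
$roles = @($sp.AppRoles | Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' })
if ($RoleName) { $roles = @($roles | Where-Object DisplayName -eq $RoleName) }
if ($roles.Count -eq 0 -and -not $RoleName) {
    $roleId = '00000000-0000-0000-0000-000000000000'
}
elseif ($roles.Count -eq 1) {
    $roleId = $roles[0].Id
}
else {
    throw "Found $($roles.Count) candidate roles; set `$RoleName to one of the application's role names."
}

# Skip the write if the user already holds an assignment on this application.
$existing = Get-MgUserAppRoleAssignment -UserId $user.Id -All |
    Where-Object { $_.ResourceId -eq $sp.Id }
if ($existing) {
    Write-Output "$UserUpn is already assigned to '$AppName'."
}
else {
    New-MgUserAppRoleAssignment -UserId $user.Id -PrincipalId $user.Id `
        -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
    Write-Output "Assigned $UserUpn to '$AppName'."
}
```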