Azure/Entra

• Azure Dynamic Groups
• Add user to Azure AD Application

Azure Dynamic Groups

Azure Dynamic Group Membership Rules

Rule Syntax to add group members based on the criteria

(user.accountEnabled -eq true) -and (user.mail -contains "@example.com")

• License includes Exchange Online (Plan 1)
• Plan is enabled

user.assignedPlans -any (assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" -and assignedPlan.capabilityStatus -eq "Enabled")

• Users that are members of group with Object ID 9dba4c67-5cd4-449d-a1c3-51865c374cab

user.memberof -any (group.objectId -in ['9dba4c67-5cd4-449d-a1c3-51865c374cab'])

• Username contains @example
• Email Alias contains @example
• Company Name is Example Company

(user.userPrincipalName -contains "@example") or (user.proxyAddresses -any (_ -contains "@example")) or (user.companyName -eq "Example Company")

Microsoft Learn | Dynamic Rules

Add user to Azure AD Application

Azure applications are used for Single Sign On, among other things. To use SSO, the user has to have access to the application.

First, login to the Microsoft Admin Portal then go to Azure Active Directory (or skip this step and go directly to Azure Active Directory).

Go to Enterprise Applications > All Applications and search for the application. Then select it from the list.

Select Assign users and groups. Then click Add users/group.

In Add Assignment click None Selected under Users and Groups.

Search for the user, then select from the list. Then click the Select button.

Then click the Assign button. The status box will pop up to show progress. Once it shows it's complete, the user has been assigned to the application.