Skip to main content

Azure Dynamic Group Membership Rules

Azure Dynamic Group Membership Rules

Rule Syntax to add group members based on the criteria

  • Account is active
  • Primary Email Address is at domain domain-example.com

(user.accountEnabled -eq true) -and (user.mail -contains "@domain-example.com")

  • License includes Exchange Online (Plan 1)
  • Plan is enabled
user.assignedPlans -any (assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" -and assignedPlan.capabilityStatus -eq "Enabled")

  • Users that are members of group with Object ID 69ebbcab-1772-4db8-bc38-512fcaa5b367
user.memberof -any (group.objectId -in ['69ebbcab-1772-4db8-bc38-512fcaa5b367'])

  • Username starts with @domain
  • Email Alias starts with @domain
  • Company Name is Domain Company
(user.userPrincipalName -contains "@domain") or (user.proxyAddresses -any (_ -contains "@domain")) or (user.companyName -eq "Domain Company")

Microsoft Learn | Dynamic Rules

Back to top