Azure Dynamic Group Membership Rules

Azure Dynamic Group Membership Rules

Rule Syntax to add group members based on the criteria

(user.accountEnabled -eq true) -and (user.mail -contains "@domain-example.com")

• License includes Exchange Online (Plan 1)
• Plan is enabled

user.assignedPlans -any (assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" -and assignedPlan.capabilityStatus -eq "Enabled")

• Users that are members of group with Object ID 9dba4c67-5cd4-449d-a1c3-51865c374cab

user.memberof -any (group.objectId -in ['9dba4c67-5cd4-449d-a1c3-51865c374cab'])

• Username starts with @domain
• Email Alias starts with @domain
• Company Name is Domain Company

(user.userPrincipalName -contains "@domain") or (user.proxyAddresses -any (_ -contains "@domain")) or (user.companyName -eq "Domain Company")

Microsoft Learn | Dynamic Rules