Dynamic groups in Azure Active Directory

Azure Active Directory (Azure AD) can add members to or remove them from a security group automatically, based on their attributes, when you configure dynamic group membership. Administrators can set rules to populate groups that are created in Azure AD based on user attributes (such as userType, department, or country). When any attributes of a user or device change, the system evaluates all dynamic group rules in a directory to see if the change would trigger any group adds or removes. If a user or device satisfies a rule on a group, they are added as a member of that group. If they no longer satisfy the rule, they are removed. These groups can be used to provide access to applications or cloud resources (SharePoint sites, documents) and to assign licenses to members.


Create Dynamic group

Sign in to the Azure AD admin center with an account that is a global administrator or a user account administrator.

Select Users & Groups.

Select All Groups, and select New Groups.


On the Group blade, enter a name and description for the new group. Select a Membership type of either Dynamic User or Dynamic Device, depending on whether you want to create a rule for users or devices, and then select Add dynamic query. You can use the rule builder to build a simple rule, or write an advanced rule yourself. In this post I choose a rule based on department.


Click Advanced rule to check the rule.


After creating the rule, select Add query at the bottom of the blade.

Select Create on the Group blade to create the group.


The group is created.


Click the group. On Overview you will see that the group has 0 members.


Wait a minute and you will see the members increase based on the rule.
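
The same procedure as a script, as an added example that is not part of the original post: it creates a dynamic user group from a department rule, waits for the first evaluation, and then checks that every member really carries the attribute the rule grants access on. It assumes the Microsoft Graph PowerShell module is installed; the department value 'Sales' and the group name are constructed placeholders.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module (not used in the original post).
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Constructed sample value: replace with the department you want the rule to match.
$department = 'Sales'
$rule = "(user.department -eq `"$department`")"

# Equivalent of Membership type "Dynamic User" plus the advanced rule in the portal.
$group = New-MgGroup -DisplayName "Dynamic - $department" `
    -Description "Users whose department attribute is $department" `
    -MailEnabled:$false `
    -MailNickname "dynamic-$($department.ToLower())" `
    -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule `
    -MembershipRuleProcessingState 'On'

# Membership is evaluated asynchronously, so the new group starts with 0 members.
# Poll until members appear or ten minutes have passed.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 30
    $members = @(Get-MgGroupMember -GroupId $group.Id -All)
    Write-Host "$(Get-Date -Format T) members: $($members.Count)"
} while ($members.Count -eq 0 -and (Get-Date) -lt $deadline)

# The group may grant access to applications or licenses, so confirm that each
# member was added for the intended reason: its department attribute.
$report = foreach ($member in $members) {
    $user = Get-MgUser -UserId $member.Id -Property displayName, userPrincipalName, department
    [pscustomobject]@{
        User        = $user.UserPrincipalName
        Department  = $user.Department
        MatchesRule = ($user.Department -eq $department)
    }
}
$report | Sort-Object MatchesRule, User | Format-Table -AutoSize
```

Any row with MatchesRule set to False means the membership you see is not what the rule was meant to produce and the rule should be reviewed before the group is used to grant access.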

