Microsoft Previews Dynamic Group Rules for Azure Active Directory

Microsoft announced a preview this week of a new Azure Active Directory feature that lets IT pros write simple and complex rules for the groups they manage.

The new feature, called "Attribute Based Dynamic Group Membership," will be available as part of Azure Active Directory Premium subscriptions, but it's been released this week for testing. The new feature is conceived as a time saver for IT pros. They can specify access to resources by end users by writing rules for groups. Resource access, such as to software, will get automatically assigned, based on those rules. The idea is that IT pros will be freed from having to do a lot of the manual configuration tasks that they do today using Azure Active Directory.

For instance, a Microsoft MSDN library article describes creating a simple rule to assign all sales reps to use a certain SaaS application. That's done through a pull-down menu in the Azure Management Portal. Microsoft's example of a simple rule looks like this: "Add users where is set to the jobTitle that EqualsSales Rep."

IT pros can also use the Azure Management Portal to create advanced rules for groups, which can include logical operators. Microsoft's example of an advanced rule looks like this: "All users where Department equals Sales or Marketing and Job title contains Manager." The syntax for such complex rules is described in Microsoft's library article.

Resources get automatically assigned using the Dynamic Group approach, including the software licensing. Microsoft's announcement explains that "a typical scenario would then give this group access to some SharePoint sites, or automatically assign them Office 365 licenses."

Rules get reevaluated when changes are made to individual user attributes, according to Microsoft's explanation. For instance, the action would change if a user were removed from a group.

The new Attribute Based Dynamic Group Membership feature needs to be turned on first in order to work. That's done via a button in the Azure AD Admin Portal. It also has to be turned on in the directory configuration page, according to Microsoft.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Salesforce Buying Slack for $27 Billion To Bolster CRM Solution

    Salesforce on Tuesday announced the purchase of collaboration software-maker Slack for an estimated $27.7 billion.

  • Dark City Illustration

    The Night the Lights Went Out in the Cloud: Lessons from the AWS Outage

    Last week's AWS outage that broke the Internet showed how critical it is to build applications that can withstand transient failure. Here's what you need to know to design a resilient cloud app (and it doesn't involve multicloud).

  • 5 Steps To Fix Windows Indexing Problems

    The Windows indexing feature doesn't always deliver the correct results of a file search. Here are five troubleshooting steps you can take whenever Windows indexing acts up.

  • Microsoft Adding Simpler Microsoft 365 Admin Center Option for Small Businesses

    The Microsoft 365 Admin Center, used for setting up and managing various Microsoft services, is getting a more lightweight interface designed for "very small businesses," according to a Tuesday Microsoft announcement.

comments powered by Disqus