Microsoft Previews Dynamic Group Rules for Azure Active Directory

Microsoft announced a preview this week of a new Azure Active Directory feature that lets IT pros write simple and complex rules for the groups they manage.

The new feature, called "Attribute Based Dynamic Group Membership," will be available as part of Azure Active Directory Premium subscriptions, but it's been released this week for testing. The new feature is conceived as a time saver for IT pros. They can specify access to resources by end users by writing rules for groups. Resource access, such as to software, will get automatically assigned, based on those rules. The idea is that IT pros will be freed from having to do a lot of the manual configuration tasks that they do today using Azure Active Directory.

For instance, a Microsoft MSDN library article describes creating a simple rule to assign all sales reps to use a certain SaaS application. That's done through a pull-down menu in the Azure Management Portal. Microsoft's example of a simple rule looks like this: "Add users where is set to the jobTitle that EqualsSales Rep."

IT pros can also use the Azure Management Portal to create advanced rules for groups, which can include logical operators. Microsoft's example of an advanced rule looks like this: "All users where Department equals Sales or Marketing and Job title contains Manager." The syntax for such complex rules is described in Microsoft's library article.

Resources get automatically assigned using the Dynamic Group approach, including the software licensing. Microsoft's announcement explains that "a typical scenario would then give this group access to some SharePoint sites, or automatically assign them Office 365 licenses."

Rules get reevaluated when changes are made to individual user attributes, according to Microsoft's explanation. For instance, the action would change if a user were removed from a group.

The new Attribute Based Dynamic Group Membership feature needs to be turned on first in order to work. That's done via a button in the Azure AD Admin Portal. It also has to be turned on in the directory configuration page, according to Microsoft.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

  • Penguin

    Windows 10 Preview Build 18917 Shows Off New Linux Integration

    Microsoft's latest Windows 10 "fast-ring" preview release is showcasing a coming Delivery Optimization enhancement, along with the ability to try the newly emerged Windows Subsystem for Linux version 2.

  • Customizing Microsoft Office 365

    While the overall look and feel of Office 365 is pretty standard across organizations, there are several ways to personalize it and make it fit better with your company's specific needs.

  • Microsoft 365 Business Tenants Getting Conditional Access and Trouble-Ticket Features

    Microsoft added its conditional access security service to Microsoft 365 Business subscriptions, according to a Wednesday announcement, and it also added new trouble-ticket features for Microsoft 365 administrators.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.