Study Guide Series: Exam MS-500 – Implement Azure AD Group Membership

This post is part of the overall MS-500 Exam Study Guide. Links to each topic as they are posted can be found here.

Implement Azure AD Group Membership

There are two types of groups in Azure AD as it relates to membership: Assigned and Dynamic. Assigned membership works just like regular AD groups. You create the group in Azure AD and assign owners and members one by one.

Dynamic membership is a lot more flexible. With dynamic membership we create rules that are processed to determine membership. There are two types of dynamic groups, user and device but both work in pretty much the same way. When we create a dynamic group, we set owners as we would with assigned groups, and then we configure membership rules.

To configure membership rules, click on the “Add dynamic query” option and you will be brought to the rules editor. From here you can add in the rules for scoping membership of the group. In the below example, we are specifying all enabled users whos display name does not contain the string “Adele”.

We can then use the preview feature to validate our rules. This allows us to add users to check the rule against and verify if they would be included or not. Below I have added three accounts, Allan, Adele and Alex. Allan has sign-ins disabled so is not included in the group, Adele has “Adele” in her name so is also excluded and Alex meets both of our criteria and is included.

We can see that our group rules are working as expected and if we click “view details” on the users status, we can even see the reasons for the status.

Dynamic membership rules can be really useful in a number of scenarios such as:

  • Creating Device Groups for Intune / Autopilot configuration
  • Licensing users based on particular attributes
  • Granting access to data based on a users job title
  • Dynamically adding users to Microsoft Teams

Some useful links to check out:

Create a basic group and add members – Azure Active Directory | Microsoft Docs

Create or edit a dynamic group and get status – Azure AD | Microsoft Docs

Rules for dynamically populated groups membership – Azure AD | Microsoft Docs

One thought on “Study Guide Series: Exam MS-500 – Implement Azure AD Group Membership

  1. Pingback: Study Guide Series – Exam MS-500: Microsoft 365 Security Administration – Sean McAvinue

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s