Dynamic group assignment in Azure AD
When setting up groups in Azure Active Directory, there are two options for assigning users to groups.
1. Add users to groups manually
2. Dynamically assign users to a group based on a query of the users properties.
For instance, if I wanted to create groups based on the a users geographical location then I could create a dynamic group assignment that is based on the users “country” property in Azure AD.
The steps to carry this out are as follows:
1. Log into the Azure Portal and select Azure Active Directory from the menu.
2. Navigate to “Groups” once in the Azure AD menu.
3. Click on “New Group” in the top menu.
4. Give the group and name and description and make sure to select Dynamic User in the Membership type dropdown.
5. Once selected you can now click on the “Add dynamic query” link
6. Now you can start to add your rules to generate a query. The example below is using the country property for a user and matching it to the value “UK”
7. Once you have added all your rules you can click on the “validate rules” tab to check your rule works with specific users.
8. Click save to create your new Group in Azure AD.
Now any user in AD that matches your specified rule will be assigned to this group. This makes administering Azure AD much simpler and allows you to organise and apply permissions based on the dynamic groups.