Azure Active Directory (Azure AD) supports dynamic membership for security groups, Microsoft 365 Groups, and services that are powered by Microsoft 365 Groups such as Teams, Planner, and Stream. Dynamic membership of a group is defined by one or more rules that check for certain user attributes in Azure AD. Users are automatically added to or removed from the correct groups as user attributes change or as users join and leave the tenant.
When a group membership rule is applied, user attributes are evaluated for matches with the membership rule. When an attribute changes for a user, all dynamic group rules in the organization are processed for membership changes. Users are added or removed depending on whether they meet the conditions for a group. Using dynamic groups requires an Azure AD Premium P1 license.
Steps to create a Dynamic Microsoft 365 Group from the Azure AD portal
Follow the steps below to create a new Office 365 group with the membership type set to dynamic, and create membership rules that update members automatically based on a specific set of criteria.
- Sign in to the Azure AD admin center with a Global administrator or User administrator account.
- In the left navigation, click Azure Active Directory.
- In the Azure Active Directory pane, under the Manage section, click Groups.
- Select All groups and click New group.
- On the New Group page, select Group type as Microsoft 365, then enter a name and description for the new group. Select Dynamic user as the Membership type, and then select Add dynamic query to add dynamic membership rules.
- The dynamic membership rule builder supports up to five expressions. You can use the text box to add more than five expressions. For more details, refer to this post: How to build rules in the Azure portal.
- After updating the rule, click Save.
- Finally, click the Create button on the New group page to create the group.
Check Processing Status of Dynamic Group Membership
Once you have created the group with rules, verify the values of the user attributes used in the rule and ensure there are users that satisfy the rule. If everything looks good, allow some time for the group to populate. Depending on the size of your Azure AD organization, the group may take up to 24 hours to populate for the first time or after a rule change.
Follow the steps below to view the membership processing status on the group Overview page.
- Sign in to the Azure AD admin center.
- In the left navigation, click Azure Active Directory.
- In the Azure Active Directory pane, under the Manage section, click Groups -> All groups.
- Select the required group (click the group name hyperlink) to open the Group details UI. You can now see the Membership processing status and the last updated date on the Overview tab.
Currently, there is no way to automatically trigger the membership update process. However, you can manually trigger reprocessing by updating the membership rule to add a whitespace at the end. If membership is still not updated or you find any issues, refer to this post: Troubleshooting dynamic memberships for groups.
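The same creation and verification flow can be scripted with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original article; the group name, mail nickname and membership rule are constructed sample values, and it assumes the Microsoft.Graph module is installed and the signed-in account can manage groups.

```powershell
# Added example (not from the original article). Sample values are constructed.
# Requires the Microsoft.Graph module and an Azure AD Premium P1 tenant.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Sample dynamic membership rule: enabled users whose department is Sales.
$rule = '(user.department -eq "Sales") and (user.accountEnabled -eq true)'

# A dynamic Microsoft 365 group needs both 'Unified' and 'DynamicMembership'
# in GroupTypes, plus a rule and a processing state.
$params = @{
    DisplayName                   = 'Sales Team (dynamic)'
    Description                   = 'Membership driven by the department attribute'
    MailEnabled                   = $true
    MailNickname                  = 'sales-team-dynamic'
    SecurityEnabled               = $false
    GroupTypes                    = @('Unified', 'DynamicMembership')
    MembershipRule                = $rule
    MembershipRuleProcessingState = 'On'
}
$group = New-MgGroup @params

# Read the group back and confirm the rule was stored as intended.
# MembershipRuleProcessingState is the rule's On/Paused switch; it is not the
# "Membership processing status" shown on the portal Overview page.
$props = 'id,displayName,groupTypes,membershipRule,membershipRuleProcessingState'
$check = Get-MgGroup -GroupId $group.Id -Property $props
$check | Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState

if ($check.GroupTypes -notcontains 'DynamicMembership') {
    Write-Warning 'Group was created without dynamic membership.'
}
if ($check.MembershipRuleProcessingState -ne 'On') {
    Write-Warning 'Rule processing is paused; members will not be updated.'
}

# Current member count. Initial population can take time (up to 24 hours),
# so an empty result right after creation is expected.
$members = @(Get-MgGroupMember -GroupId $group.Id -All)
'{0} member(s) currently in "{1}"' -f $members.Count, $check.DisplayName
```

Re-run the last two lines later to see whether the rule has been processed and the expected users have been added.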