Last Update: Jul 17, 2023 | Published: Jun 09, 2022
Microsoft has released a new update that allows IT teams to create dynamic Azure Active Directory (recently renamed Microsoft Entra ID) groups based on membership in other groups. This is one of the top requests from customers and is intended to address certain limitations associated with the existing nested groups structure.
With this release, IT Pros can now use the memberOf attribute to include the individual members of up to 50 groups in each dynamic group. “Unlike existing nested security groups today, memberOf dynamic groups return a flat list of members, so can be used for licensing assignment and application assignment,” the company explained.
Microsoft added that IT admins will be able to set up dynamic groups via the Azure portal, PowerShell, and Microsoft Graph. However, they will need to have the required permissions (i.e., Global Administrator, Intune Administrator, or User Administrator). It is important to note that the rule editor doesn’t support memberOf dynamic groups, and IT Pros will need to type the rule manually.
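Since the rule has to be typed by hand, it helps to generate and validate it before submitting. The following is an added example, not code from Microsoft or from this article: it builds a memberOf rule from a list of source group object IDs, enforces the 50-group limit, and wraps the rule in a Microsoft Graph group-creation body. The function names, display name and sample IDs are constructed for illustration, and the rule syntax is the memberOf format from Microsoft's documentation, which this article does not reproduce.

```python
import json
import uuid

MAX_SOURCE_GROUPS = 50  # per-rule limit stated in the article


def build_memberof_rule(group_ids, object_type="user"):
    """Return a memberOf membership rule for the given source group object IDs."""
    if object_type not in ("user", "device"):
        raise ValueError("object_type must be 'user' or 'device'")
    normalized = []
    for gid in group_ids:
        # uuid.UUID rejects anything that is not a GUID, so quotes or rule
        # operators cannot be smuggled into the rule string through an ID.
        canonical = str(uuid.UUID(gid.strip()))
        if canonical not in normalized:
            normalized.append(canonical)
    if not normalized:
        raise ValueError("at least one source group is required")
    if len(normalized) > MAX_SOURCE_GROUPS:
        raise ValueError(f"{len(normalized)} source groups exceeds the limit of {MAX_SOURCE_GROUPS}")
    id_list = ", ".join(f"'{g}'" for g in normalized)
    return f"{object_type}.memberof -any (group.objectId -in [{id_list}])"


def build_group_request(display_name, mail_nickname, group_ids):
    """Body for POST /groups in Microsoft Graph creating a dynamic security group."""
    return {
        "displayName": display_name,
        "mailNickname": mail_nickname,
        "mailEnabled": False,
        "securityEnabled": True,
        "groupTypes": ["DynamicMembership"],
        "membershipRule": build_memberof_rule(group_ids),
        "membershipRuleProcessingState": "On",
    }


# Constructed sample object IDs, not real tenant values.
SAMPLE_IDS = [
    "11111111-2222-3333-4444-555555555555",
    "AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE",
    "11111111-2222-3333-4444-555555555555",  # duplicate, dropped
]

if __name__ == "__main__":
    print(json.dumps(build_group_request("All licensed staff", "all-licensed-staff", SAMPLE_IDS), indent=2))
```

Because members of the source groups flow into the dynamic group as a flat list, review who can modify each source group before using the result for licensing or application assignment.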
Microsoft is rolling out these dynamic group improvements in preview to customers with an Azure AD Premium license. Keep in mind that this preview release doesn’t allow users to create more than 500 dynamic groups. Microsoft has also outlined a couple of other limitations, and we invite you to check out this support document for additional information.