IT Admins Can Now Create Nested Dynamic Azure AD Groups


Microsoft has released a new update that allows IT teams to create dynamic Azure Active Directory (recently renamed Microsoft Entra ID) groups based on membership in other groups. This is one of the top requests from customers and intends to address certain limitations associated with the existing nested groups structure.

With this release, IT Pros can now use the memberOf attribute to include the individual members of up to 50 groups in each dynamic group. “Unlike existing nested security groups today, memberOf dynamic groups return a flat list of members, so can be used for licensing assignment and application assignment,” the company explained.


How to create nested Azure AD dynamic group

Microsoft added that IT admins will be able to set up dynamic groups via the Azure portal, PowerShell, and Microsoft Graph. However, they will need to have the required permissions (i.e., Global Administrator, Intune Administrator, or User Administrator). It is important to note that the rule editor doesn’t support memberOf dynamic groups, so IT Pros will need to type the rule manually.

  1. Sign in to the Azure portal and select Azure Active Directory >> Groups, and then choose the New group option.
  2. Enter all the required information related to the group. IT admins can set the group type as “Microsoft 365/Security” and the membership type as “Dynamic Device/Dynamic User.”
  3. Now, select Add dynamic query and click the Edit option to type the rule in the Rule syntax box. For instance:
    1. User rule — user.memberof -any (group.objectId -in ['groupId', 'groupId'])
    2. Device rule — device.memberof -any (group.objectId -in ['groupId', 'groupId'])
  4. Finally, click the OK button and then choose the Create group option.
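The same procedure done through PowerShell, as an added example that is not part of the article or of Microsoft's documentation. It uses the Microsoft Graph PowerShell SDK (the New-MgGroup and Get-MgGroup cmdlets from the Microsoft.Graph.Groups module), builds the memberOf rule from a list of source group object IDs, and refuses to create the group if the list is empty, exceeds the 50-group ceiling the article mentions, or contains anything that is not a GUID. The group IDs and display name are placeholders, and the script assumes the signed-in account has the Group.ReadWrite.All scope plus one of the administrator roles named above.

```powershell
# Added example (not from the article): create a memberOf dynamic security group
# with the Microsoft Graph PowerShell SDK. The source group IDs below are
# placeholders; replace them with real group object IDs from your tenant.
#Requires -Modules Microsoft.Graph.Groups

param(
    [string]$DisplayName = "Flat-Members-Of-Source-Groups",   # placeholder name
    [string[]]$SourceGroupIds = @(                            # placeholder IDs
        "00000000-0000-0000-0000-000000000001",
        "00000000-0000-0000-0000-000000000002"
    ),
    [ValidateSet("User", "Device")]
    [string]$Scope = "User"
)

function New-MemberOfRule {
    param([string[]]$GroupIds, [string]$Scope)

    # The article states a ceiling of 50 source groups per dynamic group.
    if ($GroupIds.Count -lt 1 -or $GroupIds.Count -gt 50) {
        throw "memberOf rules accept between 1 and 50 source group IDs (got $($GroupIds.Count))."
    }

    # Every ID must be a GUID. A malformed value would be written into the rule
    # as-is and either fail processing or silently match nothing.
    foreach ($id in $GroupIds) {
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$parsed)) {
            throw "Not a valid group object ID: $id"
        }
    }

    $quoted = ($GroupIds | ForEach-Object { "'$_'" }) -join ", "
    $prefix = if ($Scope -eq "Device") { "device" } else { "user" }
    # Same shape as the rules in the article's step 3.
    return "$prefix.memberof -any (group.objectId -in [$quoted])"
}

$rule = New-MemberOfRule -GroupIds $SourceGroupIds -Scope $Scope
Write-Host "Membership rule: $rule"

Connect-MgGraph -Scopes "Group.ReadWrite.All"

# GroupTypes must contain "DynamicMembership" for the rule to apply, and Graph
# requires a MailNickname even for a mail-disabled security group.
$group = New-MgGroup -DisplayName $DisplayName `
    -MailEnabled:$false `
    -MailNickname ($DisplayName -replace '[^A-Za-z0-9]', '') `
    -SecurityEnabled:$true `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Read back what was stored: the portal rule editor does not render memberOf
# rules, so this is the reliable way to confirm the rule and that it is On.
Get-MgGroup -GroupId $group.Id -Property DisplayName,MembershipRule,MembershipRuleProcessingState |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Because the resulting group's membership is derived entirely from the source groups, anyone who can add members to one of those source groups indirectly controls whatever licenses or application assignments the dynamic group grants; treat the owners of the source groups as part of the access-control boundary and review them alongside the dynamic group itself.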

Microsoft is rolling out these dynamic group improvements in preview to customers with an Azure AD Premium license. Keep in mind that this preview release doesn’t allow users to create more than 500 dynamic groups. Microsoft has also outlined a couple of other limitations, and we invite you to check out this support document for additional information.
