Azure AD – The Dynamic Membership configuration blade has been refreshed and looks better

As you may already know, you can create dynamic membership groups in Azure Active Directory (AAD) for quite some time now.

Well, the dynamic membership rules configuration blade has been refreshed and looks better and easier to use; you can now see at the same time the defined rules AND the detailed expression of these rules, no need anymore to switch from one view to the other (available for both existing dynamic groups and during the creation process)

image  image

In addition of this interface refresh, you can now also use custom attributes when configuring a Dynamic User group

To use it you will need to provide either the custom attribute from your AD or the application ID from which you want to get the custom attributes; you can get it from the Azure AD\Enterprise applications\All applications blade.

This, off course, requires the custom attribute(s) is/are selected for synchronization.

The format looks like:

user.extensionattributex for the custom attribute from AD

or

user.extension_guid_attribute for the custom attribute from a registered application

where

  • extensionattribute is the custom extension name from AD (like extensionAttribute1, extensionAttribute2…). This will looks like user.extensionAttribute1
  • extension_guid_attribute is the attribute name from the registered application identified with her GUID. This will looks like user.extension_87a9d628-fb00-450a-a716-88b2e3688be4_OfficeNumber

If you don’t know the attribute, you can query a user account using Microsoft Graph or use the Get custom extension properties using the application GUID

image  image

Leave a Comment

Your email address will not be published. Required fields are marked *