As you may already know, you have been able to create dynamic membership groups in Azure Active Directory (AAD) for quite some time now.
Well, the dynamic membership rules configuration blade has been refreshed; it looks better and is easier to use. You can now see the defined rules AND the detailed expression of these rules at the same time, with no need to switch from one view to the other (available both for existing dynamic groups and during the creation process).
In addition to this interface refresh, you can now also use custom attributes when configuring a Dynamic User group.
To use custom attributes, you will need to provide either the custom attribute from your AD or the application ID from which you want to get the custom attributes; you can get the application ID from the Azure AD\Enterprise applications\All applications blade.
This, of course, requires that the custom attribute(s) be selected for synchronization.
The format looks like:
user.extensionattributex for the custom attribute from AD
or
user.extension_guid_attribute for the custom attribute from a registered application
where
- extensionattribute is the custom extension name from AD (like extensionAttribute1, extensionAttribute2…). This will look like user.extensionAttribute1
- extension_guid_attribute is the attribute name from the registered application, identified by its GUID. This will look like user.extension_87a9d628-fb00-450a-a716-88b2e3688be4_OfficeNumber
If you don’t know the attribute, you can query a user account using Microsoft Graph, or use "Get custom extension properties" with the application GUID.
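
Because membership of a dynamic group (and any access granted through it) follows these attribute values, it helps to know which groups depend on which synchronized attributes. The following is an added example, not code from the original post: it parses rule expressions in the two formats described above and builds that dependency index. The sample rules and group names are constructed, and accepting the application GUID with or without hyphens is an assumption of this example.

```python
import re

# On-premises AD attribute: user.extensionAttribute<N> (AD defines N = 1..15).
AD_ATTR = re.compile(r"\buser\.(extensionAttribute(\d+))\b", re.IGNORECASE)
# Application attribute: user.extension_<application GUID>_<attribute name>.
# Assumption: the GUID may be written with or without hyphens.
APP_ATTR = re.compile(
    r"\buser\.extension_"
    r"([0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12})"
    r"_(\w+)",
    re.IGNORECASE,
)

# Constructed sample rules with hypothetical group names, not from a real tenant.
SAMPLE_RULES = {
    "Sales staff": '(user.extensionAttribute1 -eq "Sales") and (user.accountEnabled -eq true)',
    "Floor 3": 'user.extension_87a9d628-fb00-450a-a716-88b2e3688be4_OfficeNumber -startsWith "3"',
    "Typo": 'user.extensionAttribute16 -eq "x"',
}

def custom_attribute_refs(rule):
    """Return every custom attribute a membership rule refers to."""
    refs = []
    for m in AD_ATTR.finditer(rule):
        # Numbers outside 1..15 do not exist in AD, so the rule can never match.
        refs.append({"source": "ad", "attribute": m.group(1),
                     "valid": 1 <= int(m.group(2)) <= 15})
    for m in APP_ATTR.finditer(rule):
        refs.append({"source": "application",
                     "app_id": m.group(1).replace("-", "").lower(),
                     "attribute": m.group(2), "valid": True})
    return refs

def groups_by_attribute(rules):
    """Map each valid custom attribute to the groups whose rule depends on it."""
    index = {}
    for group, rule in rules.items():
        for ref in custom_attribute_refs(rule):
            if not ref["valid"]:
                continue
            key = ref["attribute"]
            if ref["source"] == "application":
                key = f'{ref["app_id"]}:{key}'
            index.setdefault(key, []).append(group)
    return index

if __name__ == "__main__":
    for attr, groups in groups_by_attribute(SAMPLE_RULES).items():
        print(attr, "->", groups)
```

Any attribute that appears in this index should also be in the set selected for synchronization, otherwise the rule never matches.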