Microsoft has announced that Azure AD Dynamic Groups is now available.  This will allow you to create groups that will automatically add and remove users based on AD Properties like Location or Department.

What will you need:

  • Azure AD Premium License (documentation says P1, but I’ve heard others say P2 is required)
  • An AD Property or AD Properties that you want to dynamically create your group by

Step 1 – Identify the AD Property that we want to use.

In this demo, I will use the Country field to build a group for everyone in the United States

Azure AD Dynamic Groups

Adele Vance AD Properties

Step 2.1 – Create new Azure AD Dynamic Groups

First we will create an O365 Group and give it a name (US Employees) and click the drop-down on Membership Type selecting Dynamic as opposed to Assigned

Azure AD Dynamic Groups

Step 2.2 – Create the Dynamic Rule

Once you click on the Add Dynamic Query, you will build one or more Dynamic Rules to populate the group.  In this case, I am looking for the country field to be Equal to United States.  Since that is, sometimes, a free-form field, you might need to use a more lax rule or even multiple rules to get everyone.  That sort of depends on how good your AD properties are.

Azure AD Dynamic Groups

If you do need to do something more complex, then you are going to build a complex rule which gives you the ability to write your own query.

Here is an example of a query that should get United States, US, and USA from the country field:

Azure AD Dynamic Groups

Once you have the rule, you can save it.  If you view the Group Properties you will initially see that the Group Membership is being evaluated.  This doesn’t take a very long time, but its not instant.

Azure AD Dynamic Groups

This was just a couple of minutes later and everything was done.

Azure AD Dynamic Groups

So, the next cool step, now that we have a Dynamic O365 Group is to create a Team from that Group.

Then select the Group that we created

And you know its a Dynamic Team because you cannot add and remove members…so, good practice would be to put that in the description or part of the name so people don’t get frustrated.

So, now we can create a Team with Dynamic Membership…if we have Azure AD Premium…and since that comes with EM-S you should definitely have that.