In this article, you will learn about dynamic groups in Microsoft 365. I’ll walk through the benefits of using them and how to create them.
Requirements for Dynamic Groups
To use dynamic groups in 365 you will need to have an Entra ID P1 or an Intune for Education license for each unique user who’s a member of one or more dynamic membership groups
What are Microsoft 365 Dynamic Groups?
Microsoft 365 Dynamic Groups are a type of group that automatically adds or remove users based on specific properties like department, location, or job title without requiring manual updates.
Unlike regular groups where you add people one by one, dynamic groups use rules to decide who should be in the group. These rules keep checking people’s info and automatically update the group as things change.
The benefits of using dynamic groups in Microsoft 365
Automation of User Management
Automatically updates group memberships when user attributes change. For example, a user is assigned to the accounting department then automatically adds them to the account groups.
Scalability
Great for big companies or schools where it’s too hard to manage access by hand. To bulk add or remove users to groups you would need to create a PowerShell script. With Dynamic groups it makes it easy to bulk add or remove users to groups.
Enhanced Security & Compliance
Helps enforce role-based access control policies more effectively, improving security.
Streamlined Licensing & App Access
Assign licenses or access to apps, SharePoint sites, Teams, or conditional access policies based on group memberships automatically.
Simplifies Onboarding
New users are automatically added to appropriate groups automatically based on their properties.
Create Dynamic Groups in Microsoft 365
In this example, I’ll dynamically add users to a group based on their department property. For example, when the users department property is “IT” it will add them to the IT Department group.
Step 1: Log into Microsoft Entra admin center
Step 2: On the left side go to Groups then click New Group
Step 3: Create the group, make sure to select Dynamic User under membership type then select “Add dynamic query”.
Step 4: Set up the query. In this example I want all users who are in the IT department to be added to the group. To do that I am using the department property, the operator to equals, and the value IT. Hit save once completed and then create the group.
Note: To add multiple conditions, click + Add expression. For example, you might want to include a condition to only add enabled user accounts.
Once I created the group all users with the IT for the department were automatically added to the group. Click “Members” to see all the members of the group.
Note: It can take several minutes for the rule to process and users to start showing up in the group.
