Sai Gutta
Iron Contributor
May 24, 2022

Dynamic Group - All Users

Hi,

 

I recently came across a rule syntax for a Dynamic Group in Azure AD where all users are added to the group, and I am looking for some documentation on this. The rule syntax was "All Users". It works; I am just not able to find any documentation on it.

7 Replies

  • CCITD
    Brass Contributor

    Sai Gutta

    The answer to this question is in a (somewhat-buried) comment by Michael Maher in this thread:

    https://learn.microsoft.com/en-us/answers/questions/1463147/does-all-users-azure-ad-group-contains-external-an

     


    There seems to have been a toggle switch for the creation of the 'All Users' group at some stage. The option to create this is now gone from the Azure AD portal in my tenant.

    https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/ActiveDirectory/enable-all-users-group.html

     


  • Ash_Gardiner
    Iron Contributor
    Hi Sai,

    You should consider your goal here too because at its broadest, this will sweep up guest accounts and admin accounts as well as standard user accounts. What will you do with such a group? Grant it access to something, conditionally or unconditionally, deny it access to something? Think through your use case and get your exclusions/inclusions right to match that use case.

    Cheers Ash
    • Sai Gutta
      Iron Contributor

      Ash_Gardiner - I agree. The reason for my question is that I was trying to restrict a dynamic group that was already in use and is pulling in all users, and I came across a weird syntax which is just "All Users", with no documentation anywhere, and it works. Screenshot below.

      • Ash_Gardiner
        Iron Contributor
        In light of this screenshot, your Bing-fu is less weak than has been suggested. I can't find any mention of this and I can't build a query to match it. I validated 2x dynamic groups where I directly wrote the syntax as "All Users", then "All Devices", and they both work, so it is not unique to you. Apologies for misunderstanding your issue. The screenshot makes things clear.
    • TylerSmall
      Copper Contributor

      That article is not relevant to OP's question.

    • Sai Gutta
      Iron Contributor

      VasilMichev - I came across this article and went through it; it actually talks about the syntax, which makes sense. Check the below screenshot, which also works without the syntax from the article. I appreciate any further insight 🙂
