Forum Discussion
How to exclude security group members using dynamic query
Hi, I'm trying to build a dynamic query for a security group and want to exclude members of a certain group in this. Example- Let's say there's a security group A and I'm building a new security...
- The memberOf attribute can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-member-of
Also bear in mind:
- Avoid the use of the https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-member-of operator if possible. It's currently in preview, and it comes with bugs and limitations. It can also introduce more complexity, particularly if a tenant has a large number of groups or frequent updates. The recommendation is to delete existing memberOf groups in your tenant.
From <https://learn.microsoft.com/en-us/entra/identity/users/manage-dynamic-group#optimizing-rule-efficiency>