Oct 25 2019
- last edited on
Jul 24 2020
Question for the Hive Mind. As the title suggests, I am trying to setup a process for emailing a dynamic security group in Azure AD. The dynamic security group is for all active users, excluding users with specific job titles (Service Accounts, etc). As any organization, we have a lot of new and terminated users, so I need a security group that automatically updates based on my defined variables. I'd like to send out communications to this security group via email and I thought I would be able to create a Office 365 group and tie it to a security group - silly me for thinking that would be a logical thing to do.
I know mail-enabled security groups and dynamic distribution groups are a thing in EAC, but they seem convoluted in setting up and each are not a tenable solution. Mail-enabled sec groups do not allow adding other security groups or adding users dynamically via rule attributes. Dynamic distribution lists allow rule based attributes, but I don't understand their "Custom Attribute" defined words and how they relate to a user account.
Oct 26 2019 09:26 AM
Dynamic security groups are not mail enabled, so you cannot use them for that purpose. You can create an Office 365 Group with dynamic membership from the same place though, and that will do the trick.
And to correct your latter statement - you can add other security groups as a member of mail-enabled security group, however as those are not recognized as valid Exchange recipients, you will still not be able to use them for email purposes.
Oct 28 2019 09:42 AM
@Vasil Michev I would prefer not to use an Office 365 Group, as its not meant to be collaborative or social based. This dynamic group is solely meant for communications.
Looks like my only route here is creating a dynamic distribution group using rules. I don't understand what the custom attributes (1-15) point to in the attributes of the Azure AD user accounts? When I create a dynamic security group, I can point to attributes such as "jobTitle" and a value in that field. Can someone please explain that?
Oct 28 2019 09:48 AM
You can. The UI limits you to just a handful of attributes, user PowerShell and the New-DynamicDistributionGroup cmdlet instead.