SOLVED

Add Dynamic Distribution List in O365 Security Group

%3CLINGO-SUB%20id%3D%22lingo-sub-312438%22%20slang%3D%22en-US%22%3EAdd%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312438%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20add%20a%20Dynamic%20Distribution%20List%20into%20O365%20Security%20Group%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%26amp%3B%20Regards%2C%3C%2FP%3E%3CP%3EBhanu%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-312438%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-313413%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-313413%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F16233%22%20target%3D%22_blank%22%3E%40bhanu%20chintha%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20this%20article%20shows%3C%2FP%3E%3CP%3E-%20You%20can%20have%20dynamic%20security%20groups%3C%2FP%3E%3CP%3E-%20You%20can%20have%20dynamic%20office%20365%20groups%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-azure-portal%23how-can-i-create-a-simple-rule-to-manage-members-of-a-group-dynamically%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-...%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20set%20these%20in%20Azure%20AD.%20You%20cannot%20add%20a%20dynamic%20distribution%20list%20to%20an%20existing%20security%20group.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20should%20answer%20the%20question%20you%20originally%20had.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThese%20will%20help%20you%20create%20such%20a%20group%20based%20upon%20dynamic%20rules%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-create-rule%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-create-rule%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20do%20not%20think%20you%20would%20need%20to%20enable%20external%20sharing%20on%20SP%20site%20collection%20to%20give%20permissions%20directly%20to%20DDL%20-%20this%20is%20for%20users%20outside%20of%20the%20organisation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%2C%20Chris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-312812%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312812%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169605%22%20target%3D%22_blank%22%3E%40Christopher%20Hoard%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3Bfor%20your%20quick%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20My%20requirement%20is%20to%20dynamically%20evaluate%20members%20and%20give%20authorization%20for%20users%20to%20access%20from%20O365%20Group.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%2C%20To%20summarize%20-%20I%20cannot%20add%20DDL%20into%20O365%20Security%20Group.%20But%2C%20I%20can%20create%20a%20Group%20in%20AAD%20based%20on%20dynamic%20rules%20similar%20to%20DDL.%20And%20Use%20this%20AAD%20Group%20directly%20in%20SP%20permissions%20mapping.%20Am%20i%20right%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20on%20the%20other%20hand%20-%20Do%20i%20need%20to%20mandatorily%20enable%20external%20sharing%20on%20SP%20site%20collection%20to%20give%20permissions%20directly%20to%20DDL%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%26amp%3B%20Regards%2C%3C%2FP%3E%3CP%3EBhanu%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-312563%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312563%22%20slang%3D%22en-US%22%3E%3CP%3ENo%2C%20you%20cannot%2C%20as%20DDLs%20are%20not%20recognized%20by%20AAD%2C%20thus%20there%20is%20no%20matching%20object%20to%20add%20to%20the%20security%20group.%20You%20can%20add%20them%20as%20members%20to%20any%20group%20Exchange%20recognizes%20though%2C%20including%20mail-enabled%20security%20groups.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-312460%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312460%22%20slang%3D%22en-US%22%3EHi%20Bhanu%2C%3CBR%20%2F%3E%3CBR%20%2F%3EBelieve%20what%20you%20are%20looking%20for%20security%20groups%20with%20dynamic%20membership.%20These%20can%20be%20created%20in%20Azure.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-azure-portal%23how-can-i-create-a-simple-rule-to-manage-members-of-a-group-dynamically%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-azure-portal%23how-can-i-create-a-simple-rule-to-manage-members-of-a-group-dynamically%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20Community%20article%20should%20be%20able%20to%20help%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FOffice-365-Groups%2FDynamic-Office-365-groups%2Ftd-p%2F5937%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FOffice-365-Groups%2FDynamic-Office-365-groups%2Ftd-p%2F5937%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20believe%20you%20need%20Azure%20AD%20Premium%20P1%20to%20create%20these%20out%20of%20the%20box%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20helps%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E
Highlighted
Frequent Contributor

Hello Everyone,

 

Can we add a Dynamic Distribution List into O365 Security Group?

 

 

Thanks & Regards,

Bhanu

4 Replies
Highlighted
Hi Bhanu,

Believe what you are looking for security groups with dynamic membership. These can be created in Azure.

https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/active-directory-groups-create-...

This Community article should be able to help

https://techcommunity.microsoft.com/t5/Office-365-Groups/Dynamic-Office-365-groups/td-p/5937

I believe you need Azure AD Premium P1 to create these out of the box

Hope that helps

Best, Chris
Highlighted

No, you cannot, as DDLs are not recognized by AAD, thus there is no matching object to add to the security group. You can add them as members to any group Exchange recognizes though, including mail-enabled security groups.

Highlighted

Thanks @Christopher Hoard and @Vasil Michev for your quick help.

 

Yes, My requirement is to dynamically evaluate members and give authorization for users to access from O365 Group.

 

So, To summarize - I cannot add DDL into O365 Security Group. But, I can create a Group in AAD based on dynamic rules similar to DDL. And Use this AAD Group directly in SP permissions mapping. Am i right?

 

Also, on the other hand - Do i need to mandatorily enable external sharing on SP site collection to give permissions directly to DDL?

 

 

Thanks & Regards,

Bhanu

Highlighted
Best Response confirmed by bhanu chintha (Frequent Contributor)
Solution

Hi @bhanu chintha

 

As this article shows

- You can have dynamic security groups

- You can have dynamic office 365 groups

 

https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/active-directory-groups-create-...

 

You set these in Azure AD. You cannot add a dynamic distribution list to an existing security group.

 

This should answer the question you originally had. 

 

These will help you create such a group based upon dynamic rules

https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-create-rule

https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-dynamic-membership

 

I do not think you would need to enable external sharing on SP site collection to give permissions directly to DDL - this is for users outside of the organisation.

 

Best, Chris