SOLVED
Home

Add Dynamic Distribution List in O365 Security Group

%3CLINGO-SUB%20id%3D%22lingo-sub-312438%22%20slang%3D%22en-US%22%3EAdd%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312438%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20add%20a%20Dynamic%20Distribution%20List%20into%20O365%20Security%20Group%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%26amp%3B%20Regards%2C%3C%2FP%3E%3CP%3EBhanu%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-312438%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-313413%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-313413%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F16233%22%20target%3D%22_blank%22%3E%40bhanu%20chintha%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20this%20article%20shows%3C%2FP%3E%3CP%3E-%20You%20can%20have%20dynamic%20security%20groups%3C%2FP%3E%3CP%3E-%20You%20can%20have%20dynamic%20office%20365%20groups%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-azure-portal%23how-can-i-create-a-simple-rule-to-manage-members-of-a-group-dynamically%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-...%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20set%20these%20in%20Azure%20AD.%20You%20cannot%20add%20a%20dynamic%20distribution%20list%20to%20an%20existing%20security%20group.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20should%20answer%20the%20question%20you%20originally%20had.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThese%20will%20help%20you%20create%20such%20a%20group%20based%20upon%20dynamic%20rules%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-create-rule%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-create-rule%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20do%20not%20think%20you%20would%20need%20to%20enable%20external%20sharing%20on%20SP%20site%20collection%20to%20give%20permissions%20directly%20to%20DDL%20-%20this%20is%20for%20users%20outside%20of%20the%20organisation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%2C%20Chris%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-312812%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312812%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169605%22%20target%3D%22_blank%22%3E%40Christopher%20Hoard%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3Bfor%20your%20quick%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20My%20requirement%20is%20to%20dynamically%20evaluate%20members%20and%20give%20authorization%20for%20users%20to%20access%20from%20O365%20Group.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%2C%20To%20summarize%20-%20I%20cannot%20add%20DDL%20into%20O365%20Security%20Group.%20But%2C%20I%20can%20create%20a%20Group%20in%20AAD%20based%20on%20dynamic%20rules%20similar%20to%20DDL.%20And%20Use%20this%20AAD%20Group%20directly%20in%20SP%20permissions%20mapping.%20Am%20i%20right%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20on%20the%20other%20hand%20-%20Do%20i%20need%20to%20mandatorily%20enable%20external%20sharing%20on%20SP%20site%20collection%20to%20give%20permissions%20directly%20to%20DDL%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20%26amp%3B%20Regards%2C%3C%2FP%3E%3CP%3EBhanu%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-312563%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312563%22%20slang%3D%22en-US%22%3E%3CP%3ENo%2C%20you%20cannot%2C%20as%20DDLs%20are%20not%20recognized%20by%20AAD%2C%20thus%20there%20is%20no%20matching%20object%20to%20add%20to%20the%20security%20group.%20You%20can%20add%20them%20as%20members%20to%20any%20group%20Exchange%20recognizes%20though%2C%20including%20mail-enabled%20security%20groups.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-312460%22%20slang%3D%22en-US%22%3ERe%3A%20Add%20Dynamic%20Distribution%20List%20in%20O365%20Security%20Group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312460%22%20slang%3D%22en-US%22%3EHi%20Bhanu%2C%3CBR%20%2F%3E%3CBR%20%2F%3EBelieve%20what%20you%20are%20looking%20for%20security%20groups%20with%20dynamic%20membership.%20These%20can%20be%20created%20in%20Azure.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-azure-portal%23how-can-i-create-a-simple-rule-to-manage-members-of-a-group-dynamically%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Factive-directory%2Ffundamentals%2Factive-directory-groups-create-azure-portal%23how-can-i-create-a-simple-rule-to-manage-members-of-a-group-dynamically%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20Community%20article%20should%20be%20able%20to%20help%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FOffice-365-Groups%2FDynamic-Office-365-groups%2Ftd-p%2F5937%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FOffice-365-Groups%2FDynamic-Office-365-groups%2Ftd-p%2F5937%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20believe%20you%20need%20Azure%20AD%20Premium%20P1%20to%20create%20these%20out%20of%20the%20box%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20helps%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E
Frequent Contributor

Hello Everyone,

 

Can we add a Dynamic Distribution List into O365 Security Group?

 

 

Thanks & Regards,

Bhanu

4 Replies
Hi Bhanu,

Believe what you are looking for security groups with dynamic membership. These can be created in Azure.

https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/active-directory-groups-create-...

This Community article should be able to help

https://techcommunity.microsoft.com/t5/Office-365-Groups/Dynamic-Office-365-groups/td-p/5937

I believe you need Azure AD Premium P1 to create these out of the box

Hope that helps

Best, Chris

No, you cannot, as DDLs are not recognized by AAD, thus there is no matching object to add to the security group. You can add them as members to any group Exchange recognizes though, including mail-enabled security groups.

Thanks @Christopher Hoard and @Vasil Michev for your quick help.

 

Yes, My requirement is to dynamically evaluate members and give authorization for users to access from O365 Group.

 

So, To summarize - I cannot add DDL into O365 Security Group. But, I can create a Group in AAD based on dynamic rules similar to DDL. And Use this AAD Group directly in SP permissions mapping. Am i right?

 

Also, on the other hand - Do i need to mandatorily enable external sharing on SP site collection to give permissions directly to DDL?

 

 

Thanks & Regards,

Bhanu

Solution

Hi @bhanu chintha

 

As this article shows

- You can have dynamic security groups

- You can have dynamic office 365 groups

 

https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/active-directory-groups-create-...

 

You set these in Azure AD. You cannot add a dynamic distribution list to an existing security group.

 

This should answer the question you originally had. 

 

These will help you create such a group based upon dynamic rules

https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-create-rule

https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-dynamic-membership

 

I do not think you would need to enable external sharing on SP site collection to give permissions directly to DDL - this is for users outside of the organisation.

 

Best, Chris

Related Conversations
Creating A Sublist
zjohnson in Excel on
5 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
15 Replies
Join Our Security Community
Ryan Heffernan in Security, Privacy & Compliance on
2 Replies
Teams Owner (and member) unable to join team
Richard Davies in Microsoft Teams on
4 Replies