Dynamic Group - All Users

Hi,

I recently came across a rule syntax for a Dynamic Group in Azure AD where all users are added to the group, and I am looking for some documentation on this. The rule syntax was "All Users". It works; I am just not able to find any documentation on this.

6 Replies
Hi Sai,

You should consider your goal here too because at its broadest, this will sweep up guest accounts and admin accounts as well as standard user accounts. What will you do with such a group? Grant it access to something, conditionally or unconditionally, deny it access to something? Think through your use case and get your exclusions/inclusions right to match that use case.

Cheers, Ash

@VasilMichev - I came across this article and went through it; this actually talks about the syntax, which makes sense. Check the screenshot below, which also works without the syntax from the article. I appreciate any further insight 🙂

Screen Shot 2022-05-25 at 7.28.40 AM.png

@Ash_Gardiner - I agree. The reason for my question is that I was trying to restrict a dynamic group that was already in use and is pulling all users, and I came across a weird syntax which is just "All Users", with no documentation anywhere, and it works. Screenshot below.

Screen Shot 2022-05-25 at 7.28.40 AM.png

In light of this screenshot, your Bing-fu is less weak than has been suggested. I can't find any mention of this and I can't build a query to match it. I validated 2x dynamic groups where I directly wrote the syntax as "All Users", then "All Devices" and they both work, so it is not unique to you. Apologies for misunderstanding your issue. The screenshot makes things clear.

@Sai Gutta

The answer to this question is in a (somewhat-buried) comment by Michael Maher in this thread:

https://learn.microsoft.com/en-us/answers/questions/1463147/does-all-users-azure-ad-group-contains-e...

 


There seems to have been a toggle switch for the creation of the 'All Users' group at some stage. The option to create this is now gone from the Azure AD portal in my tenant.

https://www.trendmicro.com/cloudoneconformity/knowledge-base/azure/ActiveDirectory/enable-all-users-...