Aug 19 2020
- last edited on
Jan 14 2022
1. I have a dynamic user group (Microsoft365) (CRM users) --- originating from random AD OUs or departments. where group name should be "CRM users.
2. I have CRM application name "CRM"
3. I want to populate the Dynamic group with all staff using this "CRM"
the first step i have done;
- I created a rule based on department (user.department -contains "Medical") and (user.accountEnabled -eq True) this works, but only for that department
- Now I want to assign users this application, then add them to dynamic group.
So that all users of CRM, automatically belong to "CRM users group".
___>>> (user.objectId -ne NULL) and (user.accountEnabled -eq True) and (applications.applicationId -eq "38bb468d-88ef-46d4-ad2d-8d57c1903964") ,,,, this is not working.
Aug 20 2020 12:21 AM
Never seen the application attribute being used, are you sure it's supported? Afaik only the attributes listed in this article are supported: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
Aug 20 2020 09:45 AM
@Vasil Michev how can I construct rule that can allow application users to be members of the same group. For example; accounting users, sales users, marketing users, IT users (not everyone in these departments use the app but some of them use the app), I want to create for them a dynamic group.
Aug 23 2020 07:38 AM