What is a Dynamic Group in Microsoft 365?

A Dynamic Group in Microsoft 365 is an Azure Active Directory (Azure AD) group where membership is automatically managed based on predefined rules. Instead of manually adding or removing members, the system dynamically updates group membership as users or devices meet (or no longer meet) the criteria.

How Dynamic Groups Work

Dynamic groups rely on membership rules defined by administrators. These rules use attributes (such as department, job title, or location) to include or exclude users or devices.

Example Rule:
Include all users in the “Sales” department:

(user.department -eq "Sales")

Types of Dynamic Groups

1. User Dynamic Groups: Automatically manage users based on attributes like role, department, or location.
2. Device Dynamic Groups: Automatically manage devices based on operating system, compliance state, or ownership type.

Use Cases for Dynamic Groups

• License Assignment: Assign licenses to users in specific roles or locations.
• Security Groups: Control access to resources like SharePoint sites or Teams channels.
• Compliance Policies Enforce conditional access or compliance policies for specific device types.

Benefits of Using Dynamic Groups

1. Automation: Reduces manual workload and minimizes errors.
2. Scalability: Automatically adapts to organizational changes like new hires or department shifts.
3. Consistency: Ensures group membership aligns with organizational rules.

How to Create a Dynamic Group

Dynamic groups can be created in the Azure AD Admin Center or with PowerShell:

New-AzureADMSGroup -DisplayName "Sales Team" -GroupTypes "DynamicMembership" -MembershipRule "(user.department -eq 'Sales')" -MembershipRuleProcessingState "On"

Dynamic groups streamline access management, ensuring the right people and devices have access to the right resources—automatically.

Explore More

• Using New-AzureADMSGroup to Create Dynamic Groups