I will demonstrate how to automate group membership assignment.
The scenario: group membership will be updated automatically based on users' job titles. This feature requires a Microsoft Entra ID P1 or P2 subscription.
First, we are going to create two test users in Microsoft Entra ID.
The first user will need at least the following attributes:
Job title (Properties tab): Cloud Administrator
Department (Properties tab): IT
Usage location (Properties tab): Canada
The second user we create will have the following attributes:
Job title: System Administrator
Department: IT
Usage location: Canada
For this demo I have a P2 trial license. Under Microsoft Entra ID | Licenses | All products, select your P2 license. We want to assign our users a P2 license, as this is required for dynamic group membership.
Click Assign.
Add the user.
Select the two users we just created.
Now let's create some dynamic groups. Navigate to Microsoft Entra ID | Groups.
Click on New group.
We will call this group IT Cloud Administrators.
We want to create a dynamic expression, but we cannot create one until we select a Membership type in the dropdown.
In the dropdown list, select Dynamic user.
Once you select Dynamic user, the “Members” option changes to “Dynamic user members”.
Click on “Add dynamic query” and then “+ Add expression”.
We will base our query on the attribute “jobTitle” and the value we set for the user, “Cloud Administrator”.
Save the expression and then create the group.
We will create a second group called “IT System Administrators”.
We will use “jobTitle” again, but this time the value will be “System Administrator”.
Now if we look at the group membership for IT System Administrators, we can see that our user svitest02 became a member of the IT System Administrators group automatically.
The reason is that the job title was defined as “System Administrator”, which matches our dynamic query.
Remember that this all happens because we have assigned a license to our users. To show this, I have created a third user, svitest03, with a job title of Cloud Administrator.
However, if we look at the group, the user is not a member.
I now assign svitest03 a license.
If we look at the IT Cloud Administrators group, we now see that svitest03 is a member of that group.
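The same two dynamic groups can be created and checked with Microsoft Graph PowerShell. This is an added example, not part of the original walkthrough: it assumes the Microsoft.Graph module is installed, that the portal expression corresponds to the -eq operator, and the MailNickname values are constructed here.

```powershell
# Added example: create the two dynamic groups from the walkthrough, then
# compare users whose jobTitle matches against the group's actual members.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Group display name -> job title value used on this page.
$groups = [ordered]@{
    'IT Cloud Administrators'  = 'Cloud Administrator'
    'IT System Administrators' = 'System Administrator'
}

$report = foreach ($name in $groups.Keys) {
    $title = $groups[$name]
    # Assumption: the portal expression uses "Equals", written as -eq in rule syntax.
    $rule = "(user.jobTitle -eq `"$title`")"

    $group = Get-MgGroup -Filter "displayName eq '$name'" | Select-Object -First 1
    if (-not $group) {
        $params = @{
            DisplayName                   = $name
            MailEnabled                   = $false
            MailNickname                  = ($name -replace '\s', '')  # constructed value
            SecurityEnabled               = $true
            GroupTypes                    = @('DynamicMembership')
            MembershipRule                = $rule
            MembershipRuleProcessingState = 'On'
        }
        $group = New-MgGroup @params
    }

    # Users the rule should select, based on the directory attribute.
    $expected = Get-MgUser -All -Filter "jobTitle eq '$title'" -Property Id, UserPrincipalName
    # Users the rule engine has actually placed in the group so far.
    $actualIds = @(Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object { $_.Id })

    foreach ($user in $expected) {
        [pscustomobject]@{
            Group   = $name
            Rule    = $rule
            User    = $user.UserPrincipalName
            InGroup = $actualIds -contains $user.Id
        }
    }
}

$report | Format-Table -AutoSize
```

Rule evaluation is asynchronous, so a newly created group can show InGroup as False until processing completes; re-run the script to recheck. Because membership follows jobTitle, review who can edit that attribute before using these groups to grant access.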