Dynamic Groups: Member of group
Would be good to have the possibility to use membership in other groups as a condition in a dynamic group membership rule.
(user.objectId -memberOf group.objectId)
(user.objectId -notMemberOf group.ObjectId)
Use case 1 - Group Based Licensing.
If the user is a member of a group that gives them an E5 license, don't let them be a member of a group that gives them E3.
Use case 2 - Exceptions
All users should have an MDM policy applied, except those of a specific group.
Thank you for your feedback! The feature team is aware of this suggestion and will keep it under consideration. There are technical challenges to overcome in order to make this happen. Please keep the votes coming if this feature matters to you.
Rudolph Smith commented
This has been under consideration for 2 years? How is this not implemented already?
How is this not implemented yet?
Paul Zimmerman commented
Please add this feature. This would make managing Microsoft Teams so much easier by allowing us to control membership in a Microsoft Team based on their security group assignments.
For example, an individual may be part of multiple project workgroups, departments, etc. When added to a security group or distribution group that gives them access to file server resources, it would also be nice if they were automatically given permission to the O365 Group.
Since many organizations use Azure AD Connect, onboarding and offboarding of users would also be much simpler--no more forgetting to add or remove someone from each individual Microsoft Team group, but can instead be added by simply copying someone else in AD that has their same role or adding to a security group.
Shailesh Ahire commented
We are going to leave the migration to Azure AD because of these problems; your technical team has not been able to create a solution for a long time. We just want nested dynamic groups.
Marius Solbakken commented
I see SO many use cases for this feature, it is ridiculous. Major feature for me would be to have different "role groups", meaning "FTEs", "Contractors" etc and organization groups "Department X" and "Division Y", and then creating combination groups such as "FTEs in Division Y". More often than not you have users with multiple positions, and they could have multiple organization groups and role groups etc, so tagging users with attributes for these FTE and Division tags might not always be an option.
It would be great if we had the feature, but until then I am using this query for dynamic groups.
Basically, if a user has a specific license, they can't be a member of this licensing group.
(user.accountEnabled -eq true) and (user.userType -match "Member") and ((user.assignedPlans -any (assignedPlan.servicePlanId -ne "5136a095-5cf0-4aff-bec3-e84448b38ea5")) or (user.assignedPlans -any (assignedPlan.servicePlanId -ne "efb87545-963c-4e0d-99df-69c6916d9eb0")))
If you need to see the service plan IDs:
Get-AzureADUser -SearchString "username" | ConvertTo-Json
Frans van 't Hoff commented
Is there an update for this feature? I am looking for a solution to make a static group (team) a member of a dynamic group (team), this should make it possible to add users to a dynamic group (team) by joining them in the Static group (team). Hopefully this is clear enough.
Chad Hensley commented
We need this for provisioning to 3rd party SaaS like Zendesk from Azure. Automatic provisioning is useless without it, as you have to constantly update the "non-admin" group as employees are hired.
Roman Kaleln commented
Any update? What is the current status?
Any update? I would like this.
Tamlin Stryk commented
It's really frustrating that this feature is not yet in place, please make this feature a priority.
Travis Lingenfelder commented
It would be great to have dynamic rules that can include both being a member or being an owner of a group.
Hugues Vandenbroucke commented
MemberOf should also take indirect members, so it should support nested groups too.
Today there is no way to assign licenses to members of nested groups, neither directly through groups nor through dynamic groups.
Any updates on this? It's honestly the most frustrating thing I have to deal with when it comes to Azure AD since we're a hybrid org right now. I can't believe this topic was posted almost three years ago.
HELLO MS???? Where is this feature????? It's 2020 FFS.
Stephan G commented
If you have a local AD with AD Sync you can use my script (and change it for your needs)
Robert Moir commented
This would be so useful right now to sequence things like App rollouts in Intune, e.g. make a *device* a member of group A, add members of group A to group B would be a way of prioritization for app deployments for large phone deployments.
John Hamilton commented
+1. This would solve lots of issues around dynamic membership.
How is this still not a feature??
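The effect asked for in the original request (member of one group and not a member of another) can be approximated by a scheduled script that reconciles an assigned (static) target group from two existing groups. This is an added example, not code from this thread or from Microsoft. It assumes the AzureAD PowerShell module and an existing Connect-AzureAD session; the parameter and function names are hypothetical.

```powershell
# Added example: emulate "(member of Include) and (not member of Exclude)"
# by maintaining an assigned group. Parameter and function names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $IncludeGroupId,  # e.g. all licensed users
    [Parameter(Mandatory)] [string] $ExcludeGroupId,  # e.g. the E5 group
    [Parameter(Mandatory)] [string] $TargetGroupId,   # assigned group to maintain
    [switch] $Apply                                   # without it, report only
)

# Abort on any lookup error: an include list that silently came back empty
# would otherwise remove every member of the target group.
$ErrorActionPreference = 'Stop'

function Get-DirectUserIds([string] $GroupId) {
    # Direct user members only; nested groups and devices are not expanded.
    @(Get-AzureADGroupMember -ObjectId $GroupId -All $true |
        Where-Object { $_.ObjectType -eq 'User' } |
        ForEach-Object { $_.ObjectId })
}

$include = Get-DirectUserIds $IncludeGroupId
$exclude = Get-DirectUserIds $ExcludeGroupId
$current = Get-DirectUserIds $TargetGroupId

# desired = include minus exclude; then diff against current membership.
$desired  = @($include | Where-Object { $exclude -notcontains $_ })
$toAdd    = @($desired | Where-Object { $current -notcontains $_ })
$toRemove = @($current | Where-Object { $desired -notcontains $_ })

# Remove first, so a user who was added to the exclude group drops out
# of the target group before any new members are added.
foreach ($id in $toRemove) {
    Write-Output "remove $id"
    if ($Apply) { Remove-AzureADGroupMember -ObjectId $TargetGroupId -MemberId $id }
}
foreach ($id in $toAdd) {
    Write-Output "add    $id"
    if ($Apply) { Add-AzureADGroupMember -ObjectId $TargetGroupId -RefObjectId $id }
}
```

Run it without -Apply first and review the add/remove list; membership changes only take effect at the interval the script is scheduled, so the exclusion is not immediate.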