Dynamic Groups: Member of group
Would be good to have the possibility to use membership in other groups as a condition in a dynamic group membership rule.
(user.objectId -memberOf group.objectId)
(user.objectId -notMemberOf group.ObjectId)
Use case 1 - Group Based Licensing.
If the user is member of a group that gives them a E5 license, don't let them be member of a group that gives them E3.
Use case 2 - Exceptions
All users should have a MDM policy applied, accept those of a specific group.
Thank you for your feedback! The feature team is aware of this suggestion and will keep it under consideration. There are technical challenges to overcome in order to make this happen. Please keep the votes coming if this feature matters to you.
Claus Witjes commented
Beside group membership, it would be helpful to build filters on any AzureAD user attribute.
Alex Burgess commented
Any update on this?
Last we heard was 'under review' 6 months ago!
Raymaekers, Peter commented
Any update on this? Possible timeline when it would come available?
Michael Garland commented
Any update on this??
Sebastian Frey commented
Still not fixed...
Douglas Wagner Rodrigues commented
News on that?
Lukas Nikolay commented
That would be handy for so many things. For example two-staged patch management. Group/Ring 1 includes Pilot devices, Group/Ring 2 includes all devices except devices from Group/Ring 1. Thats how I've been doing it in SCCM for years - Can't believe I can't make use of it with AAD+Intune.
Dan Smith commented
We really need this functionality as soon as possible. We've had to create custom scripts to modify the memberships of groups in order to achieve the intended functionality.
Any updates on this one?
Manoj Verma commented
I am also stuck in same problem.
i want to provide access to application if user is active and not part of other security group.
requirement is (user.objectId -notMemberOf group.ObjectId)
Peter Schaunitzer commented
Is there anything new? actual a showstopper on our side
Zachary Chapman commented
Can you provide a timeline on the completion of this requested feature?
Devin Reed commented
Would very much love to see this
Ben Eldridge commented
Any updates on this?
Sascha Weber commented
I cant believe this is not implemented yet.
Please make this feature available!
Managing O365 / Teams memberships manually and additionally to local AD secgroups is an enormous waste of time!
Carlos Conrado commented
any update on this
We already have a IM structure build on-premise with content server. Now, we would need to create o365 groups for the entire IM solution for permission, access etc. Teams is one of many that comes to mind as a use case.
As group based licensing (GBL) and MS Dynamics cant work with nested groups (big oversight) then the need for memberof as an attribute is a must have
This far from nice to have as people move away from syncing on premises groups
This is also needed from a different stand point, e.g. in Intune when there's no exclude options for groups (which is the current experience for PowerShell Scripts).
Bruce Ford commented
Consider both users and devices for memberof.