How can we improve Azure Active Directory?

← Azure Active Directory

Enable support for dynamic mail-enabled security groups

Dynamic security groups are great, mail-enabled groups are great too wouldn't it be great to have both. We have a requirement to create security groups (or distribution groups) based on employee attributes (i.e. Active Full-time, Active Parttime, etc...). These attributes live in Azure AD but aren't accessible in Exchange Online so I cannot create a dynamic distribution group. I am able to create a mail-enabled security group but the membership cannot be dynamic. And any dynamic group I create can't be mail-enabled unless it's a unified group but for the purposes we need the groups for Unified groups aren't appropriate. All North America employees do not need to be a threaded group with planner and calendars. Please fix these gaps.

280 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

McKay, TreVon shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
unplanned  ·  Azure AD Team responded  · 

Thank you for your feedback! We have heard you and are considering future implementation options. There is no timeline yet for implementation. If this feature matters to you, keep voting as it will help us prioritize.

43 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    Can't believe this hasn't been implemented. This is why people are scared of Azure AD.

  • john commented  ·   ·  Flag as inappropriate

    I proposed this concept for our on Prem SharePoint, only to find it doesn't work? Please help me look good and make it a reality:-)

  • Hidenori Takahashi commented  ·   ·  Flag as inappropriate

    I really need this right now to give access permissions in apps and send group mail. We purely want "Dynamic mail-enabled security group".

    Now we have 2 ways for substitute. First is to create static mail-enabled security group and combine with batch program, but it's much tougher than creating dynamic security group. Second is to use Office365 group, but this will have unnecessary apps. Anyway, both way is nonsense.
    If Microsoft implements "Dynamic mail-enabled security group", I'm sure it makes our business easy.

  • Jennifer L. Newmark commented  ·   ·  Flag as inappropriate

    It's very disappointing that it took more than A YEAR for Microsoft to respond to this, and 2 1/2 years later it's STILL a problem. Pretty much any business over 50 or 100 people needs this functionality.

    Come on, Microsoft! With COVID-19 changing the way the world works, this functionality is needed more than ever!

  • David Mowers commented  ·   ·  Flag as inappropriate

    Not having this functionality is making a hash out of our security policies and complete disconnect between things like DLP and other security policies. It's odd this one is taking so long. Seems like it should be pretty simple.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is essential for Exchange Scoping. New-ApplicationAccessPolicy -PolicyScopeGroupID. As we move from LegacyAuth to Modern Auth, we are finding more and more apps that need Application permissions and we have a need to scope those applications to a security group. Those groups have to be dynamic. Example: We need this application to ONLY access mailboxes in UK. We need this application to ONLY access Mailboxes for the Tax Service line.

  • Tony Richardson commented  ·   ·  Flag as inappropriate

    We need this now, I need to create dynamic distribution groups with memberships based on job title and functions for communications during the COVID-19 pandemic.

    Either that or allow mail enabling of azure dynamic security groups

  • Anonymous commented  ·   ·  Flag as inappropriate

    Alternatively, for my purpose (Azure Information Protection, add group to sensitivity label policy; have users and groups synced from on-prem AD) it would also be great if Directory synced objects can be used in AIP policy assignment

  • Anonymous commented  ·   ·  Flag as inappropriate

    We could really use this feature, especially in terms of mail enabling security groups that are dynamic. The sorting logic in Azure is much better than oPath and/or for dynamic distribution groups in Exchange.

  • SPRubi commented  ·   ·  Flag as inappropriate

    In our current project we want to have groups for news personalization on Intranet as well as distribution groups for info mailing.
    To avoid that all those groups have to be created twice, this is exactly what we need - it's a must have for us.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Our SharePoint consultants want mail enabled security groups and I want them dynamic. So get moving Microsoft.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Another solution would be to allow the use of dynamic Azure security groups for Exchange object permissions. But please do something to make dynamic permission assignment possible in Exchange Online.

  • Anonymous commented  ·   ·  Flag as inappropriate

    How about a simple change to allow Dynamic Distribution List membership by Security Group?

← Previous 1 3

Azure Active Directory: Groups/Dynamic groups

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice