Ability to trigger a dynamic group update
It would be wonderful if there was a way to trigger a re-sync of dynamic groups after changes are made. Right now some changes take over 24 hours to show and when experimenting with new dynamic rules it makes it difficult to see results. The trigger could be something like the Reset and Resync box in Enterprise Apps provisioning or just a Powershell applet that can be run.
Bill Kaage
shared this idea
Our feature team is looking into options for addressing this scenario, but we do not yet have any timelines to share. For now as a workaround, you can manually trigger the reprocessing by updating the membership rule to add a whitespace at the end. We’ve also added the ability to check the membership processing status, to keep track of the status and know if processing is complete.
39 comments
-
Trond Stien
commented
This is essential for dynamic group memberships.
Currently having issues with removal/joining of group members due to no total-refresh of members.
-
Morten Trab
commented
Intune is pretty useless with dynamic device groups as these are WAY too slow to update.
We have around 2000 mobile devices which we need to target on device level, and as it is now the users are able to mess around in several settings, before policies and apps are forced. -
Anonymously Frustrated
commented
A Re-Process option exists on the licenses tab for dynamic groups, so you must have thought about this. +1 on providing a PS command to do this.
-
Anonymous
commented
we need to have the ability to update dynamic group, without the ability to update on demand, this is useless.
-
Declan
commented
+1 - Takes too long to update.
-
Anonymous
commented
This is critical for Intune devices.
-
Midtbø, Atle
commented
+1
-
Mathieu Beaugrand
commented
+1
-
Andy J. Bigford
commented
Adding the 'What If" tool/option to the Dynamic membership rule page would be helpful for testing.
This might also reduce the need to trigger the update. -
Adam Demeter
commented
This message is directed at Adam Fowler. My dynamic membership rules were working OK last week, and even tried creating a new one to move students who need particular licenses set on their account. This week, at least two of my groups, have the "failed to load" error in the membership rules. Did you do anything to fix your issue?
-
Adam Fowler
commented
Tried the whitespace trick, but instead it just broke the dynamic rules page and kept saying 'failed to load' ? Didn't seem to reprocess the group either.
Also can't find that MembershipRuleProcessingState paramater, it's supposed to exist according to this https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureadmsgroup?view=azureadps-2.0 but even after only having the latest AzureAD module installed, it's not there. Doco doesn't seem complete at this stage, maybe it existed in Azure AD v1?
-
Anonymous
commented
I tried running the Powershell command that Charbel suggested, but I keep getting "parameter cannot be found the matches MembershipRuleProcessingState"
We are at the beginning of a new school year and are trying to issue iPhones to administrators. We can't wait 24 hours after a phone enrolls in Intune for it to pick up its group memberships.
I've been doing mobile device management for our organization (a large school district) for six years. I've worked with 3 MDM systems and tested half a dozen others, and Intune is BY FAR the most difficult and frustrating to work with. Customers should not have to beg for features that are standard in other MDMs.
I find it telling that Microsoft doesn't even use their own MDM to manage their in-house Apple devices...
-
Charbel
commented
One workaround I've successfully used is to change the MembershipRuleProcessingState to 'Paused' and then back to 'On'.
Run the following to obtain Group ID
Get-AzureADMSGroup -SearchString "GROUPABC"Then run:
Set-AzureADMSGroup -Id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -MembershipRuleProcessingState "Paused"To re-enable processing, update "paused" to "on"
Wait a few minutes for the evaluation to take place.
-
Sebastian
commented
I think we are not talking about an improvement here, but a clear bug. Because even the workaround sometimes does not work. In my case, editing the membership rule is impossible (although the page states that it was saved, if you go back in, nothing is changed) - hence, new processing does not get triggered. So dynamic groups are useless, as they are most of the time not dynamic!
-
Anonymous
commented
Whitespace "hack" works but for first assignment, changing the group will not force update in decent time. Will also not force to remove app that is not in new group or it is excluded.
-
wd
commented
Hello, please give us an update on this.
-
JT
commented
I just got off the line with a Microsoft Premier Engineer who suggested I wait 24-48 hours for an Autopilot device delete to occur, the device was associated with a dynamic group. Honestly, waiting 1 hour is far too long for a product as critical as this. When will a faster and more reliable solution be made available?
-
Graham
commented
Same here. Even if it were a powershell trigger or some way to get the groups to update more frequently.
-
Anonymous
commented
Yes please,
Need the option Asap -
Anonymous
commented
same
