Azure AD Dynamic Group for Users without an Assigned Plan

Question

Azure AD Dynamic Group for Users without an Assigned Plan

Jay Burke 1

Hi,

I am trying to create a Dynamic User Azure Ad Group where one of the conditions is that users do not have a specific assigned plan.

Here is my syntax but from the results it does not seem to be working as hoped:

(user.accountEnabled -eq True) and (user.extensionAttribute1 -contains "requireEmail") and (user.userPrincipalName -contains "@onmicrosoft.com") and (user.onPremisesDistinguishedName -contains "Managed") and (user.assignedPlans -any (assignedPlan.servicePlanId -ne "e97c048c-37a4-45fb-ab50-922fbf07a370" -and assignedPlan.capabilityStatus -eq "Enabled"))

Any help much appreicated.
Jay

Sandeep G-MSFT 11,331 Reputation points Microsoft Employee

2022-11-01T03:48:06.147+00:00

@Jay Burke

I have reviewed the rule and it looks good to me. We might have to validate what is not working.

Sandeep G-MSFT 11,331 Reputation points Microsoft Employee

2022-11-01T03:48:06.147+00:00

@Jay Burke

I have reviewed the rule and it looks good to me. We might have to validate what is not working.

Answer 1

Cristian SPIRIDON 4,471

Hi,

To use dynamic groups every user in the group must have at least Azure P1 license:

https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

See the Note from the beginning of the doc.

Does every user that will belong to the group have at least Azure P1?

Hope this helps!

Jay Burke 1 Reputation point

2022-10-24T07:50:17.717+00:00

Yes every user has an Azure P1 license

Azure AD Dynamic Group for Users without an Assigned Plan

1 answer

Activity