Hi
As of right now, the only supported properties that can be used with Dynamic membership rules can be found here:
For your scenario, you could use the following:
- user.dirSyncEnabled -eq false (to identify cloud-only identities)
- user.mail -eq null (to identify users with no mail assigned)
If you'd like this feature to be implemented to leverage MSExchangeOnline attributes, I'd recommend leveraging the User Voice forum and creating a feature request, so that engineering teams can look into implementing this. There is already a Community Idea on this for custom security attributes:
https://feedback.azure.com/d365community/idea/c766c341-2ec6-ec11-a81b-0022484ee92d
Thanks
Michael Durkan
- If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!