![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 30%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,472 questions
Hi
As of right now, the only supported properties that can be used with Dynamic membership rules can be found here:
For your scenario, you could use the following:
- user.dirSyncEnabled -eq false (to identify cloud-only identities)
- user.mail -eq null (to identify users with no mail assigned)
If you'd like this feature to be implemented to leverage MSExchangeOnline attributes, I'd recommend leveraging the User Voice forum and creating a feature request, so that engineering teams can look into implementing this. There is already a Community Idea on this for custom security attributes:
https://feedback.azure.com/d365community/idea/c766c341-2ec6-ec11-a81b-0022484ee92d
Thanks
Michael Durkan
- If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!