It seems that you are trying to add active users in your tenant to a dynamic user security group in Azure B2C <sup>1</sup>. You have tried a query to add the users, but it is not working as you are trying to exclude “Sign-in blocked” and unlicensed users and guest users from being added to the dynamic user security group <sup>1</sup>. You are wondering what the membership rule should be to exclude these users.
To exclude “Sign-in blocked” and unlicensed users and guest users from being added to the dynamic user security group, you can use the following membership rule:
(user.accountEnabled -eq true) and (user.userType -ne "Guest") and (user.assignedPlans -any (assignedPlan.service -eq "SHAREPOINT" -and assignedPlan.capabilityStatus -eq "Enabled"))
This membership rule will add only active users who are not “Sign-in blocked”, unlicensed, or guest users to the dynamic user security group <sup>2</sup>.
I hope this helps you!
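To confirm that the group ends up holding only the intended accounts, the check below applies the same three conditions to exported user records and reports drift in both directions. It is an added example, not part of the original answer: the field names follow the Microsoft Graph user resource (`accountEnabled`, `userType`, `assignedPlans`), while the function names and the sample records are constructed for illustration.

```python
"""Audit a dynamic group's membership against the rule's intent (constructed data)."""

def exclusion_reasons(user, service=None):
    """Return why a user should NOT be in the group; an empty list means eligible."""
    reasons = []
    if not user.get("accountEnabled", False):
        reasons.append("sign-in blocked")
    if (user.get("userType") or "").lower() == "guest":
        reasons.append("guest")
    # A plan only counts as a licence when its capabilityStatus is "Enabled".
    enabled = [p for p in user.get("assignedPlans", [])
               if p.get("capabilityStatus") == "Enabled"
               and (service is None or p.get("service", "").lower() == service.lower())]
    if not enabled:
        reasons.append("unlicensed")
    return reasons

def audit_group(users, member_ids, service=None):
    """Compare actual members with the users who satisfy all three conditions."""
    unexpected, missing = {}, []
    for u in users:
        reasons = exclusion_reasons(u, service)
        if u["id"] in member_ids and reasons:
            unexpected[u["id"]] = reasons      # in the group but should be excluded
        elif u["id"] not in member_ids and not reasons:
            missing.append(u["id"])            # eligible but not (yet) a member
    return unexpected, missing

# Constructed sample records shaped like Graph user objects.
PLAN_ON = [{"service": "SharePoint", "capabilityStatus": "Enabled"}]
PLAN_OFF = [{"service": "SharePoint", "capabilityStatus": "Deleted"}]
SAMPLE_USERS = [
    {"id": "u1", "accountEnabled": True, "userType": "Member", "assignedPlans": PLAN_ON},
    {"id": "u2", "accountEnabled": False, "userType": "Member", "assignedPlans": PLAN_ON},
    {"id": "u3", "accountEnabled": True, "userType": "Guest", "assignedPlans": PLAN_ON},
    {"id": "u4", "accountEnabled": True, "userType": "Member", "assignedPlans": PLAN_OFF},
    {"id": "u5", "accountEnabled": True, "userType": "Member", "assignedPlans": PLAN_ON},
]
SAMPLE_MEMBERS = {"u1", "u2", "u4"}  # constructed current membership of the group

if __name__ == "__main__":
    unexpected, missing = audit_group(SAMPLE_USERS, SAMPLE_MEMBERS, service="SHAREPOINT")
    print("unexpected members:", unexpected)
    print("eligible but missing:", missing)
```

Accounts listed as missing shortly after a rule change may simply not have been processed yet, so re-run the check before treating them as a rule error.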