Share via

Dynamic Membership Rule with Multi-valued directory extension

Carlos Barroso 50 Reputation points
2024-01-25T11:02:55.0733333+00:00

Hello, i have a directory extensions multi value string

"extension_xxxx_TestCollection": [
        "sign2",
        "sign1"
    ],

But int group dynamic membership this extension is considered as simple value and not multi value, so i cant use -any or -all on this attribute :( (user.extension_xxxx_TestCollection -any (_ -eq "sign1")) User's image

Any way to make it work? NB: im not using entra sync or onprem stuff, full cloud

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Other
0 comments
Accepted answer
  1. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2024-01-25T15:22:30.0033333+00:00

    Hi @Carlos Barroso

    Thank you for posting your query on Q&A.

    I understand that you are have issue using directory extensions multi value string in dynamic group membership.

    Microsoft Entra ID does not support multi-value extension properties within dynamic membership rules you can only use single-valued extension attributes as properties in your dynamic membership rules for groups in Microsoft Entra ID.

    I hope this answer helps! If you have any further questions, please feel free to ask.

    Reference: https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership https://learn.microsoft.com/en-us/entra/identity/users/groups-create-rule

    Thanks, Akhilesh.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.