This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 91%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJF%3C/text%3E%3C/svg%3E)
I created the following dynamic group that includes all my M365 licensed users using the following query:
user.assignedPlans -any (assignedPlan.servicePlanId -eq "094e7854-93fc-4d55-b2c0-3ab536xxxxx" -and assignedPlan.capabilityStatus -eq "Enabled")
I'd like to exclude some admin and resource accounts from the group. I tried the following, but it fails saving saying "Dynamic membership rule validation error: mixed use of properties from different types of objects"
user.assignedPlans -any (assignedPlan.servicePlanId -eq "094e7854-93fc-4d55-b2c0-3ab536xxxxx" -and assignedPlan.capabilityStatus -eq "Enabled") -and (user.userPrincipalName -notin ["@contoso.com","@contoso.com"])
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Just checking in to see if the below answer provided is helped.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Just add some additional ():
(user.assignedPlans -any (assignedPlan.servicePlanId -eq "094e7854-93fc-4d55-b2c0-3ab536xxxxx" -and assignedPlan.capabilityStatus -eq "Enabled")) -and (user.userPrincipalName -notin ["@contoso.com","@contoso.com"])
Doesn't work. Fails with the error message above.
You sure you added the parenthesis? Validation works fine here:
Again, you have to add the additional parenthesis for the first condition. The syntax you are using is not the same as my example above, copy from it.
Got it! Yes - that worked. Thank you