Hi @Jon Pope X
Thank you for posting this in Microsoft Q&A.
I understand that you are got different lists of users when you use OR in a dynamic group rule versus using two separate rules.
The OR operator is being used to determine if any plan assigned matches Plan 1 or Plan 2, and then filtering further based on the capability status. The AND operator only applies to the second part of the OR statement.
Can you please try to use syntax like the following
(user.assignedPlans -any (
(assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" and assignedPlan.capabilityStatus -eq "Enabled") or
(assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" and assignedPlan.capabilityStatus -eq "Enabled")
))
Please inform me in the comments section if you are experiencing the same results as before.
Thanks,
Navya.
If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.