Share via

Unable to modify Dynamic Group Rules in GDAP / PIM

Samuel Amstutz 5 Reputation points
2024-07-29T12:21:59.7133333+00:00

As a Global Admin and User Admin accessing a Customer Tenant in GDAP and PIM, I am unable to modify the "Dynamic membership rules" setting due to the error message "Value cannot be null. Parameter name: values." However, as a CloudOnly User with direct User Admin rights on the same tenant, I can manage the Membership Rules. How can I resolve this issue?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sandeep G-MSFT 21,131 Reputation points Microsoft Employee Moderator
    2024-07-30T12:18:04.02+00:00

    @Samuel Amstutz

    Thank you for posting this in Microsoft Q&A.

    As I understand you have Global Admin and User Admin roles assigned accessing a customer Tenant in GDAP and PIM. You are unable to make changes to the dynamic membership rules for groups.

    This is by design, if you have granular delegated admin privileges (GDAP), then Administration of dynamic membership rules is not supported.

    The same is mentioned in below article,

    https://learn.microsoft.com/en-us/partner-center/customers/gdap-supported-workloads#microsoft-entra-id

    If you want to change this behavior, or if you want any additional features in Azure, then you can submit feedback in our Azure feedback portal. This portal is directly managed by our PM's.

    https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.