Hi @Henrik
Thank you for posting this in Microsoft Q&A.
I understand you're asking if there is a way to exclude specific accounts from being provisioned to an enterprise application in Azure AD, without having to assign users to a specific group for provisioning.
Yes, you can exclude specific accounts from being provisioned to an enterprise application in Azure AD. To do this, you can use a scoping filter in the provisioning configuration for the application.
Here are the steps to exclude specific accounts from being provisioned:
- Sign in to the Microsoft Admin Center portal and navigate to the enterprise application that you want to configure.
- Select the Provisioning tab.
- In the Mappings section, select the mapping that you want to configure a scoping filter for: for example, "Synchronize Microsoft Entra users to ServiceNow".
- Select the Source object scope menu.
- Select Add scoping filter.
For more information: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/define-conditional-rules-for-provisioning-user-accounts?pivots=app-provisioning#scoping-filter-construction
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And, if you have any further query, do let us know.
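The following is an added example, not part of the answer above and not Microsoft code: a small local model for checking which accounts a set of scoping filters would leave in scope before the filter is saved. It assumes the evaluation rules from the linked documentation (clauses inside one scoping filter are ANDed, separate scoping filters are ORed) and ignores assignment-based scoping; the users, the domain and the function names are constructed for illustration.

```python
# Local model of scoping-filter evaluation (added example, not Microsoft code).
# Assumed semantics, per the linked documentation: clauses inside one scoping
# filter are ANDed; separate scoping filters are ORed.

OPERATORS = {
    "EQUALS": lambda value, target: value == target,        # case sensitive
    "NOT EQUALS": lambda value, target: value != target,    # case sensitive
    "IS NULL": lambda value, target: value in (None, ""),
    "IS NOT NULL": lambda value, target: value not in (None, ""),
}

def clause_matches(user, clause):
    attribute, operator, target = clause
    return OPERATORS[operator](user.get(attribute), target)

def in_scope(user, scoping_filters):
    """True if the user passes every clause of at least one filter."""
    if not scoping_filters:  # no filter: this model excludes nobody
        return True
    return any(all(clause_matches(user, c) for c in f) for f in scoping_filters)

def provisioned(users, scoping_filters):
    return sorted(u["userPrincipalName"] for u in users if in_scope(u, scoping_filters))

# Constructed sample directory; names and domain are placeholders.
USERS = [
    {"userPrincipalName": "alice@contoso.example", "department": "Sales"},
    {"userPrincipalName": "breakglass@contoso.example", "department": None},
    {"userPrincipalName": "svc-backup@contoso.example", "department": "IT"},
]

# Intended result: one scoping filter holding both exclusions as clauses (AND).
ONE_FILTER = [[
    ("userPrincipalName", "NOT EQUALS", "breakglass@contoso.example"),
    ("userPrincipalName", "NOT EQUALS", "svc-backup@contoso.example"),
]]

# Pitfall: one filter per exclusion. The filters are ORed, so each excluded
# account still satisfies the other filter and stays in scope.
TWO_FILTERS = [
    [("userPrincipalName", "NOT EQUALS", "breakglass@contoso.example")],
    [("userPrincipalName", "NOT EQUALS", "svc-backup@contoso.example")],
]

if __name__ == "__main__":
    print("one filter :", provisioned(USERS, ONE_FILTER))
    print("two filters:", provisioned(USERS, TWO_FILTERS))
```

When more than one account has to be excluded, the exclusions belong together as clauses of a single scoping filter; splitting them across filters leaves every account in scope.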