Automatically Add Synced Users to a Mail-Enabled Security Group for Office 365

Michel 1 Reputation point
2022-04-13T12:50:27.21+00:00

Hi, I understand that devs are unable to add a member to a mail-enabled security group using Graph API. Hoping that is planned API that will be added to Graph.

Is there a way for synced AD users to be automatically added to a mail-enabled security group?

If so, how could I set this up and/or a script example I could use to accomplish that task automatically from Office 365 itself (or any of the admin centers) for any new AD user synced from Azure Connect?

Thanks!

Michel

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
3,377 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Andy David - MVP 121.2K Reputation points MVP
    2022-04-13T13:00:04.653+00:00

    You could create an Dynamic Group in Azure or Exchange Online based on some common criteria of the synced users. then you wouldnt have to script anything.
    I prefer Azure groups myself

    https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-create-rule

    Exchange Online:

    https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-dynamic-distribution-groups/manage-dynamic-distribution-groups?tabs=create-new-eac%2Cproperties-new-eac

    0 comments No comments

  2. Michel 1 Reputation point
    2022-04-14T12:01:08.237+00:00

    Thanks for the reply to this.

    I reviewed the links, but the issue is that the mail-enabled security group that I want to be automatically added for any synced AD user, already exist in the environment.

    Plus I can't change it's 'Membership type' to be Dynamic User. But that is for a security or standard group. I think any mail-enabled security group must be managed through the Exchange admin center. They can't be managed through Azure AD which is why its not supported on Graph yet.

    Hence, on the Exchange Admin Center, I don't know if a dynamic distribution group can be mapped to a mail-enabled security group. Because again, this mail-enabled security group already exist.

    Any thoughts on that? Or is there something that I'm missing here.

    Thank you!

    0 comments No comments

  3. Andy David - MVP 121.2K Reputation points MVP
    2022-04-14T12:15:47.22+00:00

    Can you create a new group instead and use that? thats what I would do