Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Entra ID provides the means to validate rules for dynamic membership groups. On the Validate rules tab, you can validate a rule against sample group members to confirm that the rule is working as expected.
When you create or update rules for dynamic membership groups, you want to know whether a user or a device is a member of the group. This knowledge helps you evaluate whether a user or device meets the rule criteria. It also helps you troubleshoot when membership isn't expected.
Prerequisites
To evaluate the rule for dynamic membership groups, the administrator must be at least a Groups Administrator.
Warning
Assigning one of the required roles via indirect role assignment is not supported.
Validate a rule for dynamic membership groups
Sign in to the Microsoft Entra admin center as at least a Groups Administrator.
Browse to Entra ID > Groups > All groups.
Select an existing dynamic group or create a new dynamic group, and then select Dynamic membership rules.
On the Validate Rules tab, select users to validate their memberships. You can select 20 users or devices at one time.
After you finish selecting users or devices, choose Select. Validation automatically starts. The validation results show whether a user is a member of the group or not.
If the rule isn't valid or if there's a network problem, the results show Unknown. If the value is Unknown, select View details. The detailed error message describes the problem and the necessary actions.
You can modify the rule to trigger a new validation of memberships. To see why a user isn't a member of the group, select View details. Verification details show the result of each expression that composes the rule. Select OK to close the details.